C# SQL Database Windows Form Login System

Published 2019-09-20 17:27

Question:

I'm working on a SQL database project in C#. I'm looking to create a login form which will be presented when someone starts the application.

The connection is made to the database, however they must enter a correct username and password into the first form before they can proceed to see the rest.

I have created two text boxes, txtusername and txtpassword, and a button, login.

Here is my SQL command:

    // connection: an open SqlConnection (the original passed "Program.cs" here, which is a file name, not a connection)
    SqlCommand command = new SqlCommand("SELECT * FROM tblUsers WHERE Username ='" + txtUsername.Text + "' AND Password = '" + txtPassword.Text + "'", connection);

I'm looking for a way to show in a label if the SQL command yields a result, meaning the username and password are stored in the user table, then it returns true or something. If there is a more efficient or effective way to do this, also let me know :).

Answer 1:

This code is a vulnerability in your project. See this for details.



Answer 2:

You should never create command texts by concatenating strings. Use SqlParameter. That is to put first things first.

And it seems to me that you have no (or very little) understanding of how data access works in .NET. So I'd recommend you read some books on that topic, for example, Microsoft's "Accessing Data with .NET Framework 4".
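The parameterized version of the asker's check, as an added example (not code from the question or any answer): the SQL text is a constant and the two text-box values travel as SqlParameter values, so they can never be interpreted as SQL. It assumes the table tblUsers with columns Username and Password from the question, a Windows Forms form with controls txtUsername, txtPassword and lblStatus, and a placeholder connection string.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Data-access helper: the query text is fixed; user input travels only as parameter values.
public static class UserLogin
{
    // Placeholder; a real project reads this from its configuration.
    private const string ConnectionString = "Server=.;Database=YOUR_DB;Integrated Security=true;";

    public static bool IsValidUser(string username, string password)
    {
        const string sql =
            "SELECT COUNT(1) FROM tblUsers WHERE Username = @username AND Password = @password";

        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Typed, sized parameters: the driver sends the text as data, never as SQL.
            // Comparing the raw password assumes tblUsers stores it as the question does.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            command.Parameters.Add("@password", SqlDbType.NVarChar, 100).Value = password;

            connection.Open();
            int matches = (int)command.ExecuteScalar();
            return matches > 0;
        }
    }
}

// Form side: the button handler only calls the helper and updates the label.
public partial class LoginForm : Form
{
    private void btnLogin_Click(object sender, EventArgs e)
    {
        if (UserLogin.IsValidUser(txtUsername.Text, txtPassword.Text))
        {
            lblStatus.Text = "Login successful";
            // open the main form here
        }
        else
        {
            // One message for both a wrong user and a wrong password (no hint which one failed).
            lblStatus.Text = "Invalid username or password";
        }
    }
}
```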



Answer 3:

Code for login page (ASP.NET Web Forms):

protected void btn_Click(object sender, EventArgs e) // button click event
{
    SqlConnection con = new SqlConnection(Strcon); // Strcon: connection string defined elsewhere

    // Parameters replace the original string concatenation of the text-box values
    string sqlquery = "select username, userpassword from loginpage where username = @username and userpassword = @password";

    SqlCommand sqlcom = new SqlCommand(sqlquery, con);
    sqlcom.Parameters.AddWithValue("@username", textname.Text);
    sqlcom.Parameters.AddWithValue("@password", textpassword.Text);
    con.Open();

    // CloseConnection: the connection is closed when the reader is disposed
    using (SqlDataReader dr = sqlcom.ExecuteReader(CommandBehavior.CloseConnection))
    {
        if (dr.Read())
        {
            // a matching row exists: remember the user and go to the detail page
            Session["un"] = dr["username"].ToString();
            Session["pwd"] = dr["userpassword"].ToString();
            Response.Redirect("userdetail.aspx");
        }
        else
        {
            lblmsg.Text = "invalid user";
        }
    }
}