Put a placeholder in your query for each parameter:
// Parameterized query text: @username and @password are placeholders whose values
// are supplied separately through cmd.Parameters, so the user's input is never
// concatenated into the SQL string itself.
// NOTE(review): comparing the Password column directly with the submitted text
// suggests the table stores plaintext passwords - confirm. Prefer storing a salted
// password hash and verifying it in code. SELECT * also returns every column of the
// matching row to the caller; selecting only the columns needed would be tighter.
string query = "SELECT * FROM Employees WHERE Username = @username AND Password = @password";
Then supply the parameter values through the command's Parameters collection (rather than by editing the query text) as follows:
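// Runs the parameterized login query and loads the matching rows into dtResults.
// The table has to be instantiated before Fill(): passing an unassigned local does
// not compile, and Fill() rejects a null table.
DataTable dtResults = new DataTable();
using (SqlConnection conn = new SqlConnection(@"Data Source=HP\SQLEXPRESS;Initial Catalog=Inventory;Integrated Security=True"))
// SqlCommand's constructor takes the command text first and the connection second.
using (SqlCommand cmd = new SqlCommand(query, conn))
{
    // Explicitly typed parameter: the value travels to the server as data, separate
    // from the SQL text, so quotes or SQL keywords typed by the user cannot change
    // the statement. (The enum member is SqlDbType.VarChar.)
    cmd.Parameters.Add("@username", SqlDbType.VarChar);
    cmd.Parameters["@username"].Value = Username_txt.Text;

    // Shorthand form: AddWithValue infers the SQL type from the .NET value (a string
    // is sent as nvarchar). It is equally safe against injection; the explicit form
    // above is preferable when the column type is known.
    cmd.Parameters.AddWithValue("@password", Password_txt.Text);

    conn.Open();

    // The adapter is disposable too; the using blocks release the adapter, command
    // and connection even if Fill() throws.
    using (SqlDataAdapter adap = new SqlDataAdapter(cmd))
    {
        adap.Fill(dtResults);
    }
}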
MSDN is an excellent source of reference material. Below is a link to the SqlCommand.Parameters property, which you may find useful:
SqlCommand.Parameters Property (System.Data.SqlClient)
Kind Regards