Try this:
SqlCommand cmd = new SqlCommand("SELECT * FROM admin where user_id=@USERID and user_pwd=@PASSWORD");
cmd.Parameters.Add(new SqlParameter("@USERID", userIDTextbox.Value));
cmd.Parameters.Add(new SqlParameter("@PASSWORD", passwordTextbox.Value));
You will to replace
userIDTextbox
and
passwordTextbox
with the names you are using for the text boxes.