1) You need to specifically check for a blank password.
Before you open the connection add the lines:
bool bFailed = true;
After your ExecuteNonQuery, change your code to:
if (result > 0)
MessageBox.Show("updated sucesfull \n" + "your new password is: " + textBox1.Text + " thanks for changing your password", "success");
login ls = new login();
bFailed = false;
That will solve the problem you are describing.
2) Don't do it like that! Never, ever store passwords in clear text, it is a major security risk! See here: Password Storage: How to do it.