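Build a SQL command and pass user input through SQL parameters; don't concatenate it into the query string. A parameter value is sent to the server as data, so it cannot change the structure of the query. Always use SQL parameters!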
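// Look up a row by user name with a parameterized query.
// The user-supplied text is only ever bound as a parameter value; it is never
// spliced into the command text.
string userName = txtUserName.Text;

// The command text is a constant containing the @UserName placeholder.
// SqlCommand is IDisposable, so it is scoped with using.
// Assumes YourConnection is already open when ExecuteReader is called.
using (SqlCommand cm = new SqlCommand("Select * FROM YourTable WHERE Name=@UserName", YourConnection))
{
    // Bind the value with an explicit SQL type rather than letting it be inferred.
    // NOTE(review): VarChar assumes Name is a non-Unicode column; if it is
    // nvarchar, use SqlDbType.NVarChar, and consider passing the column length
    // as the third argument - confirm against the table schema.
    cm.Parameters.Add("@UserName", SqlDbType.VarChar).Value = userName;

    // Dispose the reader as soon as the result has been consumed, including
    // when an exception is thrown while reading.
    using (SqlDataReader reader = cm.ExecuteReader())
    {
        if (reader.Read())
        {
            // A row with a matching Name exists; read its columns from reader here.
        }
    }
}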