You could change your query to this:
string cmdStr = "select count(*) from TableTrue where EmailAddress='" + TextBoxEA.Text + "' and INST_ID = " + TextBoxINST_ID.Text + "";
I only provided this code for ease of understanding. You should really be using parameterized queries to avoid SQL injection. Nonetheless, this query will check both user name and password and will only return data if both instances are satisfied.