There are a number of more serious problems here you need to look at:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Particularly with a login system where users don;t even have to know a username to delete your DB! :doh:
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
3) Never "hard-code" connections strings: it means you have to find and change each and every one if there is any change in your system. For example, when you release this to production...
4) You do realise that emails can be considerably longer than 50 characters, don't you?
5) Don't use
SELECT * FROM
- it's inefficient and can cause problems. List the columns you need to fetch only.
6) And finally...you can't use ExecuteScalar with a SELECT that returns multiple values! Which is why you get the error you are: you can't cast 4 columns to an integer... Use
SELECT COUNT(*)
or a DataReader / DataAdapter instead.
I'd also strongly suggest that you use an ID column on your DB as well: either an IDENTITY field, or a UNIQUEIDENTIFER