Don't do it like that!
There are two serious problems with that code, and the two are interrelated:
1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^] - the code is in C#, but it's pretty simple, and online converters can translate it for you if necessary.
Put the two problems together and your login is useless: I can bypass your security and log in as you with full admin privileges just by entering my username as
Member 13347171';--
and leaving the password box empty.
Fix it here, fix it in the rest of your code and then worry about the problem you have noticed.
And stop swallowing exceptions: empty catch blocks just throw away all the information you need to fix a problem!