1) Please don't do it like that. You leave yourself wide open to problems of all sorts, including SQL Injection attacks which could destroy your database. Use Parametrized queries instead.
MySqlCommand cmd = new MySqlCommand("sp_getUserCredentials(@UN, @PW)", con);
cmd.CommandType = CommandType.StoredProcedure;
int count = Convert.ToInt32(cmd.ExecuteScalar());
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
These won't fix your problem immediately, but they do need doing.