You should use a procedure like this:
CREATE PROCEDURE spUserLogin
@Username VARCHAR(50),
@Password VARCHAR(50)
AS
BEGIN
IF(SELECT COUNT(*) FROM tblUser WHERE Username = @Username AND Password = @Password) > 0
BEGIN
END
ELSE
BEGIN
DECLARE @NoOfFailedAttempts SMALLINT
SET @NoOfFailedAttempts = (SELECT NoOfFailedAttempts FROM tblUser WHERE Username = @Username)
IF @NoOfFailedAttempts = 3
BEGIN
UPDATE tblUser SET Islocked = 1 WHERE Username = @Username
END
ELSE
BEGIN
UPDATE tblUser SET NoOfFailedAttempts = @NoOfFailedAttempts + 1 WHERE Username = @Username
END
END
SELECT NoOfFailedAttempts FROM tblUser WHERE Username = @Username
END
--Amit