I have to agree with Dave Kreskowiak - do not encrypt passwords (and certainly not with such a poor excuse for an encryption method) - see here:
Password Storage: How to do it.[
^] (it's in C#, but the code is pretty simple and explains whay as well as how to use hashing).
But to add to that, your encryption is completely useless since your code is wide open to SQL Injection so nobody needs a password to login anyway, or could destroy your database by trying to log in. Use parameterized queries instead!