abhishek_singh is right - you need a connection string to connect to your db, but in addition...
Please, please, don't do things like that!
There are two major mistakes you are making here:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. As your code stands, I do not need a password to log in as anybody!
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]