There are a whole load of things wrong here: The first being "do not concatenate your strings". Google for "Sql Injection Attack" and then change to parametrized queries before you accidentally or deliberately destroy your database.
Second: Dont store your passwords in text. There is a Tip here which describes a better way:
Password Storage: How to do it.[
^]
Third: Why are you returning the customer ID in your SELECT statement, when you only ask for the values which match it?
Isn't the test
if (custid == txtcustid.Text && password == txtpswd.Text)
kinda rendundant?
Fourth: What problem are you having?