User Name is invalid. unable to read the username from database(ASP.net)

Question

i was trying to create a login page that connected to my database. but it showed user is invalid. May i know what is the problem? thanks! here is the full code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ToString());
        conn.Open();
        string checkuser = " select count(*) from [Table] where UserName = ' " + TextBoxUserName.Text + "' and Password='"+ TextBoxPassword.Text + "' ";
        SqlCommand com = new SqlCommand(checkuser, conn);
        int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
        if (temp == 1)
        {
            Session["user"] = TextBoxUserName.Text;
            Response.Write("Login success");
        }
        else
        {
            Response.Write("Login fail");
        }

    } 

Answer 1

To your question first: You have a space, where you shouldn't have one. where UserName = ' " The system checks this space too and that's wrong. You only want the TextBox Content, am I right.

The second thing is the security of this code. Your code is very vulnerable to sql injections and the password should never be in plain Text, Hash is the better answer.