ASP.NET code question. Can anyone find the error in my code here? Thanks.?

[OrlandoMamix]

public partial class login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

}


protected void Validateuserinfo(string user, string pass)
{

con = new MySqlConnection(Data Source=dbo.db.4439928.hostedresource.com; Initial Catalog=dbo; User ID=dbo; Password='Password');
string str;

str = ("select * from user where UserName='" + user + "' And UserPassword='" + pass + "'");
MySqlCommand cmd = new MySqlCommand(str, con);

con.Open();

DataTable dt = new DataTable(); MySqlDataAdapter ad = new MySqlDataAdapter(cmd);
ad.Fill(dt);

if (dt.Rows.Count > 0)
{

FormsAuthentication.RedirectFromLoginPage("Default.aspx");
}

else
{

Response.Write("INVALID Username and Password, Try Again!");
}

con.Close();

}

protected void Button1_Click(object sender, EventArgs e)
{
Validateuserinfo(TextBox1.Text.Trim(), TextBox2.Text.Trim());
}
}