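Use a parameterized query, so the values typed by the user are passed as parameter data instead of being concatenated into the SQL text: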
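// Look up the login row with a parameterized query: the text-box values travel
// as parameter data and are never spliced into the SQL text, which is what
// keeps user input from changing the statement (SQL injection).
// NOTE(review): matching Password against the typed text suggests the column
// holds plaintext passwords - confirm. The usual design stores a salted hash
// (e.g. PBKDF2), selects the row by UserName only and verifies the hash in code.
// Fix: the original string literal was never closed, so the snippet did not compile.
string s = "select UserName,Password,Designation from Login where UserName=@uname and Password=@pass";
SqlCommand cmd1 = new SqlCommand(s, con);
// Parameter names are written with the same "@" prefix used in the SQL text so
// the binding is obvious to the reader.
// AddWithValue infers the SQL type from the .NET value; if the column types
// differ from the inferred ones, declare the parameters with an explicit
// SqlDbType and size instead - TODO confirm against the Login table schema.
cmd1.Parameters.AddWithValue("@uname", TextBox1.Text);
cmd1.Parameters.AddWithValue("@pass", TextBox2.Text);
// SingleRow: only one matching row is expected from the query.
// cmd1 and dr are IDisposable; dispose both (for example with using) once the
// row has been read so the connection is not left busy.
SqlDataReader dr = cmd1.ExecuteReader(CommandBehavior.SingleRow);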