Your query string is incorrect. Why?
Because
username= user
is sent to the server exactly as you enter it. 'user' is not replaced by its value and is consider, in fact, a column name in many version of sql.
You need to build the string so that the values are substituted in the string. For example,
username='{0}'
in your string, where user is it's value. For the rest of how to use this, see See C# string functions.
Remember to include single quotes around strings. on the format side of your string as you need them passed to the sql execution.