Please tell me what this sql query would be if it was parameterised.
str = "SELECT * FROM Login WHERE username= '" & txtUsername.Text & "' and password ='" & txtPassword.Text & "'"
str = "SELECT * FROM Login WHERE username= '" & txtUsername.Text & "' and password ='" & txtPassword.Text & "'"