First of all,
NEVER accept unvalidated user input and concatenate a SQL command.
EVER! Got it?!? Do some research on SQL injection attacks.
Don't instantiate your connection object globally. Create it only when necessary.
Learn about the using clause, as in
using(SqlCommand cmd = new SqlCommand(...))
{
}
There is already a user database available with all the functionality for registration, unique naming, password reset, etc.
http://msdn.microsoft.com/en-us/library/ms229862(v=vs.80).aspx
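
The three points in the answer above combined in one lookup, as an added example that is not part of the original post: a parameterized query, a connection created only inside the method, and using blocks for disposal. The table dbo.Users, its UserName column, the UserLookup class and the connection string are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Hypothetical schema: dbo.Users with a UserName NVARCHAR(256) column.
    // The SQL text is a constant; user input is never concatenated into it.
    private const string Query =
        "SELECT COUNT(*) FROM dbo.Users WHERE UserName = @userName";

    public static bool UserExists(string connectionString, string userName)
    {
        // Validate before touching the database: reject empty or oversized input.
        if (string.IsNullOrWhiteSpace(userName) || userName.Length > 256)
            return false;

        // The connection is created here, used, and disposed; nothing is global.
        // Both using blocks dispose their objects even if an exception is thrown.
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(Query, conn))
        {
            // The value is sent as a typed parameter, separate from the SQL text,
            // so quotes or SQL keywords in it are compared as literal data.
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = userName;

            conn.Open();
            int count = (int)cmd.ExecuteScalar();
            return count > 0;
        }
    }

    public static void Main()
    {
        // Placeholder connection string (assumption); replace with your own.
        string cs = "Server=(local);Database=ExampleDb;Integrated Security=true";

        Console.WriteLine(UserExists(cs, "alice"));
        // An apostrophe in the name is handled as data, not as SQL syntax.
        Console.WriteLine(UserExists(cs, "O'Brien"));
    }
}
```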