You should use a SqlCommand object for executing the SQL query. Pass the values as parameters to the SqlCommand object. Try search engines for help. And have a look at the following.
Reasons I'd fire anyone who wrote this code for me
1 - hard coded connection string
2 - SQL code in presentation layer
3 - lack of any sort of database security, esp in what looks like an account creation page, which anyone could presumably access and thus erase or hack the entire DB
4 - the password for the database is abc
5 - using an integer for a boolean flag
6 - this method does several things, which should be refactored into different methods
7 - using Response.Write to communicate with the user instead of setting text in a properly styled and positioned control
by
Christian Graus
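The parameterized SqlCommand approach suggested in the first answer, written so that it also avoids items 1, 2 and 5 of the list above. This is an added example, not code from either post. The class, table, column and connection string names are assumptions, and the password hash is assumed to be computed elsewhere.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Data-access class kept out of the page code-behind (hypothetical names throughout).
public static class AccountRepository
{
    // The connection string is read from the <connectionStrings> section of web.config
    // under the assumed name "AccountsDb" instead of being hard coded.
    private static string ConnectionString
    {
        get { return ConfigurationManager.ConnectionStrings["AccountsDb"].ConnectionString; }
    }

    // Returns true when exactly one row was inserted.
    public static bool CreateAccount(string userName, string email,
                                     byte[] passwordHash, bool isActive)
    {
        // Assumed table and column names. The SQL text is a constant and is never
        // concatenated with user input.
        const string sql =
            "INSERT INTO dbo.Accounts (UserName, Email, PasswordHash, IsActive) " +
            "VALUES (@userName, @email, @passwordHash, @isActive)";

        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Typed, sized parameters: the values travel as data, not as SQL text.
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            command.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = email;
            command.Parameters.Add("@passwordHash", SqlDbType.VarBinary, 64).Value = passwordHash;
            // A bool mapped to a BIT column replaces the integer flag.
            command.Parameters.Add("@isActive", SqlDbType.Bit).Value = isActive;

            connection.Open();
            return command.ExecuteNonQuery() == 1;
        }
    }
}
```

The page's code-behind would call `AccountRepository.CreateAccount(...)` and show the result in a label control; the SQL login named in the connection string should hold only the rights this insert needs.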