To add to what Marcus says, please do not access your database like that anyway.
By concatenating strings to form your query, you leave yourself wide open to accidental or deliberate SQL Injection attacks. Use parametrized queries instead:
string sql2 = "select pwd from generate where roll_no=@RN";
OleDbCommand pass = new OleDbCommand(sql2, con);
pass.Parameters.AddWithValue("@RN", TextROLL.Text);
You also should close and dispose of your connection and command objects - using blocks are probably the cleanest way to do this.
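The two suggestions in the answer above combined, as an added example that is not part of the original post. The class name, method name, and the `connectionString` and `rollNo` parameters are assumptions for illustration; the query, table, and column names are the ones from the answer.

```csharp
using System;
using System.Data.OleDb;

static class PasswordLookup
{
    // connectionString and rollNo are hypothetical names; the caller supplies both
    // (rollNo would be TextROLL.Text in the answer's code).
    public static string GetPwd(string connectionString, string rollNo)
    {
        const string sql = "select pwd from generate where roll_no=@RN";

        // Each using block disposes its object when the block exits,
        // including when an exception is thrown; disposing the connection closes it.
        using (OleDbConnection con = new OleDbConnection(connectionString))
        using (OleDbCommand pass = new OleDbCommand(sql, con))
        {
            // The value travels to the provider as data and is never spliced into the SQL text,
            // so quotes or SQL keywords typed into the text box cannot change the query.
            // OleDb binds parameters by position, so add them in the order they appear in the SQL.
            pass.Parameters.AddWithValue("@RN", rollNo);

            con.Open();
            object result = pass.ExecuteScalar();

            // ExecuteScalar returns null when no row matches
            // and DBNull.Value when the matched column is NULL.
            if (result == null || result == DBNull.Value)
            {
                return null;
            }
            return Convert.ToString(result);
        }
    }
}
```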