Although @Viorel helped solve your immediate issue, this code has another serious that need's to be addressed:
Dim cmd As SqlCommand = New SqlCommand("select * from LoginTable where username='" & Employeetxt.Text & "'and password='" & Password.Text & "'", con)
One should use parameters for values that vary by execution. Never build SQL statement strings with literals for these values, especially from untrusted sources like user input. Here's an example of a correctly parameterized query.
Dim cmd As SqlCommand = New SqlCommand("select * from LoginTable where username=@username and password=@password", con)
cmd.Parameters.Add(@username,SqlDbType.VarChar, 50).Value = Employeetxt.Text
cmd.Parameters.Add(@password,SqlDbType.VarChar, 50).Value = Password.Text
Parameterized queries have many benefits , including:
- improve security by preventing injection of unwanted SQL (barring non-parameterized server-side dynamic SQL)
- eliminate need to enclose literals in quotes (or not) depending on data type
- eliminate need prefix Unicode literal strings with N
- allow single quotes within strings without the need to escape them
- avoid the need to format date/time/datetime string literals in a particular way (which vary by culture)
- do not require decimal separators (which vary by culture)
- improve performance by reducing compilation costs and promoting execution plan cache reuse
- allow WHERE clause predicates with Always Encrypted columns
- code that’s cleaner and easier to maintain
Another concern here is that storing clear passwords in a database used to authenticate users should be avoided for security reasons. Instead, store and validate passwords using a salted hash so password credentials cannot be retrieved even if data are compromised.