public bool login(User user) { string sql = String.Format("select * from user where username = '******' and password = '******'", user.Username, user.Password); return(userData.ExecuteScalar(sql)); }