SQL run time error in ASP.NET C#

mickythom

New Member
I keep getting run time SQL query errors in ASP.NET. I am using C#. The error always starts with Incorrect Syntax near '(some word)'. I have checked and rechecked my code for any syntactic errors but never found any. In the code below the error is Incorrect Syntax near 'user'. Please help.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class LogIn : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection();
    SqlCommand cmd = new SqlCommand();

    // Opens the connection to the attached SQL Express database on every page load.
    protected void Page_Load(object sender, EventArgs e)
    {
        con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Sony\Documents\Library\App_Data\Library.mdf;Integrated Security=True;User Instance=True";
        cmd.Connection = con;
        con.Open();
    }

    protected void txt_user_TextChanged(object sender, EventArgs e)
    {
    }

    protected void txt_pass_TextChanged(object sender, EventArgs e)
    {
    }

    // Counts the rows matching the entered username and password.
    protected void btn_log_Click(object sender, EventArgs e)
    {
        cmd.CommandText = "select count(*) from user where Username='" + txt_user.Text + "' and Password='" + txt_pass.Text + "'";
        int count = Convert.ToInt16(cmd.ExecuteScalar());
        if (count == 1)
        {
            Response.Redirect("Home.aspx");
        }
        else
        {
            Label1.Text = "Invalid Username or Password. Please try again..";
        }
    }
}
```
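Added example, not part of the original post: `user` is a reserved keyword in T-SQL, so the table name has to be written as `[user]`, and the two text-box values are passed as parameters rather than concatenated into the statement, which also closes the SQL injection hole in the login query. The control names and connection string are taken from the post; the `NVARCHAR(50)` parameter sizes are assumptions to be matched to the real column definitions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public partial class LogIn : System.Web.UI.Page
{
    // Connection string as given in the post.
    private const string ConnStr =
        @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Sony\Documents\Library\App_Data\Library.mdf;Integrated Security=True;User Instance=True";

    protected void btn_log_Click(object sender, EventArgs e)
    {
        // [user] is bracketed because USER is a reserved keyword in T-SQL;
        // left unbracketed it is parsed as the keyword, not as a table name.
        const string sql =
            "SELECT COUNT(*) FROM [user] WHERE Username = @user AND Password = @pass";

        int count;
        // Open the connection only for this query and dispose of it afterwards,
        // instead of opening one in Page_Load on every request.
        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            // The values travel as typed parameters, never as SQL text, so a
            // quote typed into either text box cannot change the statement.
            // The sizes (50) are assumptions; match them to the table columns.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = txt_user.Text;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50).Value = txt_pass.Text;

            con.Open();
            count = Convert.ToInt32(cmd.ExecuteScalar());
        }

        if (count == 1)
        {
            Response.Redirect("Home.aspx");
        }
        else
        {
            Label1.Text = "Invalid Username or Password. Please try again.";
        }
    }
}
```

The query still compares the password against the stored column value, as in the post; storing a salted password hash instead of the password itself is a separate change.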
 