VB.NET/ SQL Server 2012 - Invalid column name

[borodatiy]

When pressing the 'Register' button, VS 2012 is giving me an error in an sql statement\[code\]sqlValidate = "SELECT * FROM users where username=" + txtUsername.Text.ToString\[/code\]The error being:\[code\]Invalid column name 'cdarwin' \[/code\]Where 'cdarwin' is the username entered in txtUsername.Can anyone tell me whats wrong?This is the full code for the sub:\[code\] Public Sub register() Dim Username As String = txtUsername.Text Dim Surname As String = txtSurname.Text Dim Password As String = txtPassword.Text Dim Name As String = txtName.Text Dim Address1 As String = txtAddress1.Text Dim Address2 As String = txtAddress2.Text Dim City As String = txtCity.Text Dim Email As String = txtEmail.Text Dim Country As String = drpCountry.Text Dim DOB As Date = calDOB.SelectedDate Dim Occupation As String = txtOccupation.Text Dim WorkLocation As String = txtWorkLocation.Text Dim Age As Integer = Date.Today.Year - calDOB.SelectedDate.Year Dim ProjectManager As String = "N/A" Dim TeamLeader As String = "N/A" Dim TeamLeaderID As Integer = "1" Dim ProjectManagerID As Integer = "1" Dim RegistrationDate As Date = DateTime.Today Dim ContractType As String = "N/A" Dim ContractDuration As Integer = 6 Dim Department As String = "N/A" Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True") Dim registerSQL As SqlCommand Dim sqlComm As String Dim validateSQL As SqlCommand Dim sqlValidate As String sqlValidate = "SELECT * FROM users where username=" + txtUsername.Text.ToString sqlComm = "INSERT INTO users(Username, Password, Name, Surname, Address1, Address2, " + "City, Country, date_of_birth, age, Occupation, department, work_location, " + "project_manager,team_leader, team_leader_id, project_manager_id, " + "date_registration, contract_type, contract_duration) " + "VALUES(@p1, @p2,@p3,@p4,@p5,@p6,@p7,@p8,@p9,@p10,@p11,@p12,@p13,@p14,@p15," + "@p16,@p17,@p18,@p19,@p20)" conn.Open() validateSQL = New SqlCommand(sqlValidate, conn) Dim dr As SqlDataReader = validateSQL.ExecuteReader() If dr.HasRows = False Then dr.Close() registerSQL = New SqlCommand(sqlComm, conn) registerSQL.Parameters.AddWithValue("@p1", Username) registerSQL.Parameters.AddWithValue("@p2", Password) registerSQL.Parameters.AddWithValue("@p3", Name) registerSQL.Parameters.AddWithValue("@p4", Surname) registerSQL.Parameters.AddWithValue("@p5", Address1) registerSQL.Parameters.AddWithValue("@p6", Address2) registerSQL.Parameters.AddWithValue("@p7", City) registerSQL.Parameters.AddWithValue("@p8", Country) registerSQL.Parameters.AddWithValue("@p9", DOB) registerSQL.Parameters.AddWithValue("@p10", Age) registerSQL.Parameters.AddWithValue("@p11", Occupation) registerSQL.Parameters.AddWithValue("@p12", Department) registerSQL.Parameters.AddWithValue("@p13", WorkLocation) registerSQL.Parameters.AddWithValue("@p14", ProjectManager) registerSQL.Parameters.AddWithValue("@p15", TeamLeader) registerSQL.Parameters.AddWithValue("@p16", TeamLeaderID) registerSQL.Parameters.AddWithValue("@p17", ProjectManagerID) registerSQL.Parameters.AddWithValue("@p18", RegistrationDate) registerSQL.Parameters.AddWithValue("@p19", ContractType) registerSQL.Parameters.AddWithValue("@p20", ContractDuration) registerSQL.ExecuteNonQuery() conn.Close() ElseIf dr.HasRows = True Then lblUsername.Text = "That Username (" + txtUsername.Text + ") is already registered/taken." lblUsername.Visible = True conn.Close() End If End Sub\[/code\]