Basically, you would do something like this:
"SELECT * FROM users where Username='" & txtUsername.Text &"' AND password='" & txtPassword.Text &"'"
If the above query returns 0 results, the username or password is invalid, if it returns a row (It should always only return 1 row) then the username and password are correct.
Read this if you want to know how to get a correct reply for your question:
^^Took that from planoie's profile^^
^^Modified text taken from gbianchi profile^^
Technical Editor for: Professional Search Engine Optimization with ASP.NET