Just to show how a Sql Injection is really easy and, apart from destruction of data, could lead to other nasty effects
textbox1.Text = "' OR User_na LIKE '%'; --";
the resulting comm.CommandText is
comm.commandtext = @"Select * from Logins where User_na='' OR User_na LIKE '%'--pass_wrd= 'xxx'";
SqlDataReader r = cmd.ExecuteReader();
if(r.HasRows)
{
MessageBox.Show("The poor programmer was tricked by a smart hacker");
.....
}
then depending on how do you check the results of the query the unauthenticated user could gain access to your program