webservice code for authentication of doctor, patient and adding of new patient

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Data;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Data.Odbc;
using System.EnterpriseServices;
using System.Web.Services.Configuration;



/// <summary>
/// Summary description for hello
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class project : System.Web.Services.WebService {

    public project () {

        //Uncomment the following line if using designed components
        //InitializeComponent();
    }

  
    
    // [WebMethod(TransactionOption = TransactionOption.RequiresNew)]
  // [WebMethod]
   // public string HelloWorld() {
   //    return "Hello World";
  // }
   
  
    OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 5.1 Driver};Server=localhost;Database=project_table; User=root;Password=project;Option=3;");
  
    [WebMethod(Description = "login for doctor", EnableSession = false)]
    public string dlogin(string user, string password)
    {
    string mystring ="select dname from doctor_login where duser='"+ Convert.ToString(user) +"' AND  dpassword='" + Convert.ToString(password) + "'";
    OdbcCommand cm = new OdbcCommand(mystring, cn);
    cn.Open();
    OdbcDataReader r = cm.ExecuteReader();
        while (r.Read())
            {
                string thisrow = "";
            for (int i = 0; i < r.FieldCount; i++)
                thisrow = thisrow + r.GetValue(i).ToString() + ",";
             
               return (thisrow);
           // if (thisrow.Length >= 1)
            //    return(true);
            //else
             //   return(false);
          
            }
        cn.Close();
        return null;
         }


    [WebMethod(Description = "login for Patient", EnableSession = false)]
    public string plogin(string user, string password)
    {
        string mystring = "select pid,pname from patient_login where puser='" + Convert.ToString(user) + "' AND  ppassword='" + Convert.ToString(password) + "'";
        OdbcCommand cm = new OdbcCommand(mystring, cn);
        cn.Open();
        OdbcDataReader r = cm.ExecuteReader();
        while (r.Read())
        {
            string thisrow = "";
            for (int i = 0; i < r.FieldCount; i++)
                thisrow = thisrow + r.GetValue(i).ToString() + ",";

             return (thisrow);
          //  if (thisrow.Length >= 1)
            //    return (true);
            //else
              //  return (false);

        }
        cn.Close();
        return null;
    }


    [WebMethod(Description = "register new patient", EnableSession = false)]
    public bool insertpatient(int id, string name, string user, string password, string email)
    {
        bool returnBool = false;
        string str = "INSERT INTO patient_login(pid,pname,puser,ppassword,pemail) values(" + id + ",'" + name + "','" + user + "','" + password + "','" + email + "')";
        OdbcCommand cmd = new OdbcCommand(str, cn);
        try
        {
            cn.Open();
            if (cmd.ExecuteNonQuery() != 0)
                returnBool = true;
            returnBool = true;
        }
        catch
        {
            returnBool = false;
        }
        cn.Close();
        return returnBool;
    }
  }