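Try this using a prepared statement, which binds the username and password as parameters instead of concatenating them into the SQL string: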
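// Look up a login row with a parameterized query. The two '?' placeholders are
// bound through setString(), so the submitted values travel as data and are never
// spliced into the SQL text; this is what closes the SQL-injection hole that
// string concatenation leaves open.
//
// NOTE(review): the query matches the password column against the submitted value
// directly, which suggests the table holds plaintext passwords (or the caller
// hashes first) - confirm. The safer design stores a salted bcrypt/scrypt/argon2
// hash, selects the row by username only, and verifies the hash in application code.
String sql = "Select * from login where username=? and password=?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1, username); // placeholder 1 -> username
pstmt.setString(2, password); // placeholder 2 -> password
ResultSet rs = pstmt.executeQuery();
// A row in rs means the credentials matched. Close rs and pstmt once the result
// has been read (try-with-resources where the surrounding code allows it) so the
// statement and cursor are not leaked on every login attempt.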