Reconfigure to prevent database injection

Question

I have this code and it works great The problem is that the vulnerability inflates the database before the code checks the entry You are only supposed to check entries containing letters and numbers before making a request to look up the username in the database Where the hacker injects the code in the place of the username and the code goes to search for the name and then returns the values ​​and then tells that the name exists or the values ​​contain symbols I want help to have the code check the name, for example, that it is empty, or give a message that the name does not meet the conditions, then it does a search and if the name exists, it gives a message that the name already exists I hope the idea is clear

            conn.Open();
             //
             SqlCommand select1 = new SqlCommand("Select account,email from Account where account = '"+username+"' or email = '"+elmail+"'",conn);
             SqlDataReader rader = select1.ExecuteReader();

            while (rader.Read())
            {
                //
                userr = rader.GetSqlValue(0).ToString();
                emailr = rader.GetSqlValue(1).ToString();
            }
            //
            if (userr == username || emailr == elmail)
            {
                //
                Label1.Text = "Username or email already exists";
                Label1.ForeColor = System.Drawing.Color.Yellow;
                conn.Close();
            }
            else if (Captcha != Session["CaptchaValue"].ToString())
            {
                Label1.Text = "output error";
                Label1.ForeColor = System.Drawing.Color.Yellow;
                
                }
            else if (password != passwordconf) {
                //
                Label1.Text = "Passwords do not match";
                Label1.ForeColor = System.Drawing.Color.Yellow;
                
            }
            else if(elmail != emailconfe){
                //
                Label1.Text = "Email does not match";
                Label1.ForeColor = System.Drawing.Color.Yellow;
                
            }
            //else if (!Regex.IsMatch(username, "^[a-zA-Z0-9]{4,10}$")) {
                else if (!Regex.IsMatch(username, @"(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?")) {
                Label1.Text = "Password must consist of letters and numbers only, not less than 4 characters, and not more than 10 characters";
                Label1.ForeColor = System.Drawing.Color.Yellow;
            }
            //else if (!Regex.IsMatch(password, "^[a-zA-Z0-9]{4,10}$")) {
                else if (!Regex.IsMatch(password, @"(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?")) {
                Label1.Text = "Password must consist of letters and numbers only, not less than 4 characters, and not more than 10 characters";
                Label1.ForeColor = System.Drawing.Color.Yellow;
            }
            else if (!Regex.IsMatch(elmail, "^[a-zA-Z0-9_\\.-]+@([a-zA-Z0-9-]+\\.)+[a-zA-Z]{1,5}$"))
            {
                Label1.Text = "Incorrect mail";
                Label1.ForeColor = System.Drawing.Color.Yellow;
            }
            else
            {