whats wrong with this code??(c1.CommandText = "insert into stu values='" + textBox1 + "','" + textBox2 + "'";)

by

Your code should be..

c1.CommandText = "insert into stu values('" + textBox1.Text + "','" + textBox2.Text + "')";

but I’d suggest you to use parameterized SQL query to avoid SQL injection attacks

here is how your query will look after parameterising

c1.CommandText = "insert into stu values(@textBox1, @textBox2)";

c1.Parameters.AddWithValue("@textBox1", textBox1.Text)
c1.Parameters.AddWithValue("@textBox2", textBox2.Text)

here is an useful link that will help you to know more about parameterized queries.

Using Parameterized queries to prevent SQL Injection Attacks in SQL Server

Browse More Popular Posts

Leave a Comment