Your issue is simply syntax; you had a period instead of a comma at textBox1.Text+"'.'"+textBox3.Text
The other issue is that you need to use parameterized queries.
Here is your code updated to use parameterization…
private void button2_Click(object sender, EventArgs e)
{
Byte[] IMAGES = null;
FileStream STREAM = new FileStream(IMGLOCATION, FileMode.Open, FileAccess.Read);
BinaryReader BSR = new BinaryReader(STREAM);
IMAGES = BSR.ReadBytes((int)STREAM.Length);
CON.Open();
string SQLQUERY = "INSERT INTO USERS (FULNAME,USERNAME,PASSWORD,IMAGE,STATUS)VALUES(@name, @username, @password, @IMG, @status)";
CMD = new SqlCommand(SQLQUERY,CON);
CMD.Parameters.AddWithValue("@name", textBox2.Text);
CMD.Parameters.AddWithValue("@username", textBox1.Text);
CMD.Parameters.AddWithValue("@password", textBox3.Text);
CMD.Parameters.Add(new SqlParameter("@IMG", IMAGES));
CMD.Parameters.AddWithValue("@status", textBox4.Text);
int N = CMD.ExecuteNonQuery();
CON.Close();
MessageBox.Show("USER CREATED SUCCESSFULLY");
}
Another side issue is that you’re not encrypting the password, but I’m guessing you’ll get to that eventually or just took it out for the sake of creating a minimal question.
1
solved Add new user to database