[Solved] add user input in database [duplicate]


Well first of all you don’t have quotes around your string. You’re also missing a plus sign. It should be like:

string sql1 = "insert into items values ( '" + this.name + "')";

However, this is a really bad way of handling your SQL queries through C#. You should be using parameterized queries! There are a lot of bad things that can happen to your database if you do things like this…

See the example of using the SqlCommand class with parameters at the bottom of this page:
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx
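
The parameterized form of the insert above, as an added example that is not part of the original answer. It assumes the `items` table has a single text column called `name` (the column name and size are assumptions), and it reads the connection string from a hypothetical `ITEMS_DB_CONNECTION` environment variable.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ItemStore
{
    // Builds the INSERT with the value bound as a parameter, so it is never
    // spliced into the SQL text. Column "name" and NVARCHAR(100) are
    // assumptions about the items table.
    public static SqlCommand BuildInsert(SqlConnection conn, string name)
    {
        var cmd = new SqlCommand("INSERT INTO items (name) VALUES (@name)", conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value =
            (object)name ?? DBNull.Value;   // a null string becomes SQL NULL
        return cmd;
    }

    // Opens the connection, runs the insert and returns the affected row count.
    public static int AddItem(string connectionString, string name)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(conn, name))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Constructed sample input. With string concatenation this value
        // produces "... values ( 'O'Brien')", which is a syntax error; as a
        // parameter it is stored unchanged.
        string name = "O'Brien";

        // Hypothetical environment variable holding the connection string.
        string cs = Environment.GetEnvironmentVariable("ITEMS_DB_CONNECTION");
        if (cs == null)
        {
            // No database configured: show the statement and the bound value.
            using (var cmd = BuildInsert(null, name))
                Console.WriteLine(cmd.CommandText + "  [@name = " +
                                  cmd.Parameters["@name"].Value + "]");
            return;
        }
        Console.WriteLine(AddItem(cs, name) + " row(s) inserted");
    }
}
```

The SQL text stays constant regardless of what the user types, which is what keeps the input from being interpreted as part of the statement.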
