[Solved] Is SqlCommand the only way of adding,deleting and updating records?

Question

Your code seems fine to me, and I am unsure as to what your exact issue is; however, to clear your TextBox control’s .Text property; assign it a value of string.Empty.

textBox1.Text = string.Empty;

As far as your insert command, that looks fine. A point has been made that your code is vulnerable to SQL Injection, but unless you need to safeguard your information, then I wouldn’t worry too much. If you are worried about SQL Injection and how to protect against it, there are many posts here, and many articles online on how to protect your applications from this type of attack. Things to look into are:

Parameterization of dynamic data and queries.
Don’t overuse dynamically generated queries.
Utilize sp_executesql when executing dynamic queries so that parameters can’t be manipulated.

Accepted Answer

Your code seems fine to me, and I am unsure as to what your exact issue is; however, to clear your TextBox control’s .Text property; assign it a value of string.Empty.

textBox1.Text = string.Empty;

As far as your insert command, that looks fine. A point has been made that your code is vulnerable to SQL Injection, but unless you need to safeguard your information, then I wouldn’t worry too much. If you are worried about SQL Injection and how to protect against it, there are many posts here, and many articles online on how to protect your applications from this type of attack. Things to look into are:

Parameterization of dynamic data and queries.
Don’t overuse dynamically generated queries.
Utilize sp_executesql when executing dynamic queries so that parameters can’t be manipulated.