Never build an SQL query by concatenating with user inputs, it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia[
^]
SQL Injection[
^]
Quote:
please help me and tell me how can I do this
First, use the debugger to understanf how you get null values.
When you don't understand what your code is doing or why it does what it does, the answer is
debugger.
Use the debugger to see what your code is doing. Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute, it is an incredible learning tool.
Debugger - Wikipedia, the free encyclopedia[
^]
Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[
^]
Basic Debugging with Visual Studio 2010 - YouTube[
^]
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't find bugs, it just help you to. When the code don't do what is expected, you are close to a bug.