As others have pointed out, your code is vulnerable to SQL Injection. But you already knew that! :)
I believe you just wanted an example of how to fix the vulnerability:
    // Requires: using System.Data; using System.Data.SqlClient;
    using (SqlConnection con = new SqlConnection(myConnectionString))
    {
        con.Open();

        // The SQL text is a constant; user input is only ever passed as parameter values.
        using (SqlCommand command = new SqlCommand("INSERT INTO [next] (id, time, clock, username, Name_Arabic, gender) VALUES (@id, @time, @clock, @username, @Name_Arabic, @gender)", con))
        {
            command.Parameters.AddWithValue("@id", txtCIVILIDD.Text);
            command.Parameters.AddWithValue("@time", txttime.Text);
            command.Parameters.AddWithValue("@clock", txtclock.Text);
            command.Parameters.AddWithValue("@username", txtusername.Text);
            command.Parameters.AddWithValue("@Name_Arabic", txtName_Arabic.Text);
            command.Parameters.AddWithValue("@gender", CBgender.Text);
            command.ExecuteNonQuery();
        }

        // Read the row back, again with the id passed as a parameter.
        using (SqlCommand command = new SqlCommand("SELECT * FROM [next] WHERE id = @id", con))
        {
            command.Parameters.AddWithValue("@id", txtCIVILIDD.Text);
            SqlDataAdapter adapter = new SqlDataAdapter(command);
            DataSet data = new DataSet();
            adapter.Fill(data);
        }
    }
NB: As pointed out in the comments, you may encounter problems if the text in your controls can't be converted to the appropriate types for the columns. If necessary, you will need to validate the text and/or convert it to an appropriate type before adding the parameters.
Some light reading for you:
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
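The validation and conversion step mentioned in the NB above, as an added example that is not part of the original answer: each control's text is converted to a .NET type first, then bound with an explicit SqlDbType instead of AddWithValue. The column types and sizes, the accepted input formats, the NextInsert class and the sample values are all assumptions, since the thread does not show the table definition.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class NextInsert // hypothetical helper, not from the thread
{
    // Assumed columns: id INT, time DATETIME2, clock TIME, username NVARCHAR(50),
    // Name_Arabic NVARCHAR(100), gender NVARCHAR(10). Adjust to the real table.
    public static SqlCommand Build(string id, string time, string clock,
                                   string username, string nameArabic, string gender)
    {
        var inv = CultureInfo.InvariantCulture;
        // Convert before binding; text that does not fit the column type is rejected here.
        if (!int.TryParse(id, NumberStyles.None, inv, out int idValue))
            throw new FormatException("id must be a whole number");
        if (!DateTime.TryParseExact(time, "yyyy-MM-dd", inv, DateTimeStyles.None, out DateTime timeValue))
            throw new FormatException("time must be yyyy-MM-dd");
        if (!TimeSpan.TryParseExact(clock, @"hh\:mm", inv, out TimeSpan clockValue))
            throw new FormatException("clock must be HH:mm");
        username = Text(username, 50, "username");
        nameArabic = Text(nameArabic, 100, "Name_Arabic");
        gender = Text(gender, 10, "gender");

        // The caller assigns command.Connection before executing.
        var command = new SqlCommand(
            "INSERT INTO [next] (id, time, clock, username, Name_Arabic, gender) " +
            "VALUES (@id, @time, @clock, @username, @Name_Arabic, @gender)");
        // Explicit type and size: nothing is inferred from the .NET value.
        command.Parameters.Add("@id", SqlDbType.Int).Value = idValue;
        command.Parameters.Add("@time", SqlDbType.DateTime2).Value = timeValue;
        command.Parameters.Add("@clock", SqlDbType.Time).Value = clockValue;
        command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
        command.Parameters.Add("@Name_Arabic", SqlDbType.NVarChar, 100).Value = nameArabic;
        command.Parameters.Add("@gender", SqlDbType.NVarChar, 10).Value = gender;
        return command;
    }

    static string Text(string value, int max, string name)
    {
        if (string.IsNullOrWhiteSpace(value) || value.Length > max)
            throw new FormatException(name + " must be 1 to " + max + " characters");
        return value;
    }

    static void Main()
    {
        // Constructed sample input standing in for the TextBox values.
        using (SqlCommand ok = Build("42", "2024-01-15", "09:30", "sara", "سارة", "F"))
            foreach (SqlParameter p in ok.Parameters)
                Console.WriteLine($"{p.ParameterName} {p.SqlDbType} = {p.Value}");
        try { Build("4x2", "2024-01-15", "09:30", "sara", "سارة", "F"); }
        catch (FormatException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```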