Please learn the correct way to do this and remember one cardinal rule for working when creating dynamic queries like this. That rule is to
always use paramaterized queries. Never use concatenated strings as is shown in Solutions 1, 2 and 3.
var checkbox1Ctl = yourGrid.FindControl("checkbox1ControlName") AS CheckBox;
var checkbox2Ctl = yourGrid.FindControl("checkbox1ControlName") AS CheckBox;
var checkbox3Ctl = yourGrid.FindControl("checkbox1ControlName") AS CheckBox;
using (SqlConnection connection = new SqlConnection(connectionString))
{
commandText = "INSERT INTO [yourTableName] ( col1, col2, col3 ) VALUES ( @col1Value, @col2Value, @col3Value )";
SqlCommand command = new SqlCommand(commandText, connection);
command.Parameters.AddWithValue("@col1Value", checkbox1Ctl != null ? checkbox1Ctl.Checked : false);
command.Parameters.AddWithValue("@col2Value", checkbox2Ctl != null ? checkbox1Ct2.Checked : false)
command.Parameters.AddWithValue("@col3Value", checkbox3Ctl != null ? checkbox1Ct3.Checked : false);;
try
{
connection.Open();
Int32 rowsAffected = command.ExecuteNonQuery();
Console.WriteLine("RowsAffected: {0}", rowsAffected);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
For more information on this topic:
SQLCommand.Parameters[
^]