There are several things wrong with your SQL query:
- An INSERT query should be:
INSERT INTO [Table] (Column1, Column2, .., ColumnN) VALUES (..)
Obviously, you forgot to mention which columns you want to populate.
- Construction a SQL statement by concatenating strings obtained from user inputs is really a bad habit that you should get rid of as soon as possible; because it leaves your code opened to SQL injection attacks.
- You should give your variables some meaningful names instead of the default ones. That would make your code easier to read, understand and debug.
Regarding these two points, your code should more be like:
private void button4_Click(object sender, EventArgs e)
{
using (SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename= C:\Users\Sharoon\Documents\Visual Studio 2010\Projects\Demo\Demo\bin\Debug\Demo.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
{
con.Open();
using (SqlCommand sc = new SqlCommand("INSERT INTO Company(Column1, Column2, Comun3, Column4, Column5, Column6, Column7, Colmun8, Column9, Column10, Column11, Column12, Column13, Column14) VALUES (@column1, @column2, @column3, @column4, @column5, @column6, @column7, @column8, @column9, @column10, @column11, @column12, @column13, @column14)"))
{
cmd.Parameters.AddWithValue("@column1", textBox2.Text);
cmd.Parameters.AddWithValue("@column2", textBox3.Text);
cmd.Parameters.AddWithValue("@column3", textBox4.Text);
cmd.Parameters.AddWithValue("@column4", textBox5.Text);
cmd.Parameters.AddWithValue("@column5", textBox6.Text);
cmd.Parameters.AddWithValue("@column6", textBox7.Text);
cmd.Parameters.AddWithValue("@column7", textBox8.Text);
cmd.Parameters.AddWithValue("@column8", textBox9.Text);
cmd.Parameters.AddWithValue("@column9", textBox10.Text);
cmd.Parameters.AddWithValue("@column10", textBox11.Text);
cmd.Parameters.AddWithValue("@column11", textBox12.Text);
cmd.Parameters.AddWithValue("@column12", textBox13.Text);
cmd.Parameters.AddWithValue("@column13", textBox14.Text);
cmd.Parameters.AddWithValue("@column14", textBox15.Text);
sc.ExecuteNonQuery();
MessageBox.Show(" Data successfully saved ");
}
}
}
But be careful! Some of the columns may not hold string values, but integers, or datetimes, instead.
Then you have to make sure the corresponding text value in the textbox is convertible to the type of the column in the database, and convert it before passing it to the AddWithValue method.
For an integer value, for example, this would give something like:
int result;
if (int.TryParse(textBox2.Text, out result)) {
cmd.Parameters.AddWithValue("@column1", result);
}
else {
}
Hope this helps. Good luck!