Firstly, you should use
Parameterized queries[
^]
Not only does it help to protect you against SQL Injection attacks it also removes the need to worry about those single quotes around values, nor do you need to convert the
.Value
with
.ToString()
If you note your formatted code you appear to have a problem with quotes and double quotes. If you debug your code and look at the contents of the variable
sql
you will see it is not valid sql
insert into Student (ID, name)Values ('theValue
Set your sql to be something like
sql = "insert into Student (ID, name) Values (@value1, @value2)"
and create two parameters for your command
cmd.Parameters.Add(new OleDbParameter("@value1", rw.Cells(0).Value))
cmd.Parameters.Add(new OleDbParameter("@value2", rw.Cells(1).Value))
If you are not sure how to debug your code have a read of this article -
Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[
^]