1. You've seen this in the other answers- you have SQL Injection Vulnerabilities. You should seriously review the links that have been provided.
2. You are executing your SQL batch (INSERT and SELECT) with the
ExecuteNonQuery()
function. This will always return an Int64 representing the
rows affected of the last command; so pretty much it will always be 1.
What you want to do is to use the
ExecuteScalar()
function that will return the 1 data element that you want. Furthermore you are returning it and not capturing that value.
3. Your ReturnIdentity function will probably return 0; as it is run as a separate command and the only item in a batch.
I did some quick cleanup of the first 2 items; using Parameters in the query, changing the Execute function, and capturing the Identity within a new variable. I removed the Cast from the TSQL and you can do that within the calling app.
string query = "INSERT INTO [USER] (Use_Sgi, Use_FirstName, Use_LastName, Use_Email, Use_MobilePhone, Use_BusinessPhone, Com_ID, Loc_ID ) values(?, ?, ?, ?, ?, ?, ?, ?); SELECT @@Identity()";
OleDbCommand cmd = new OleDbCommand(query, com);
cmd.Parameters.AddWithValue("@sgi", txtsgi.Text);
cmd.Parameters.AddWithValue("@nom", txtnom.Text);
cmd.Parameters.AddWithValue("@prenom", txtprenom);
cmd.Parameters.AddWithValue("@email", txtemail);
cmd.Parameters.AddWithValue("@telphonefix", txttelphonefix);
cmd.Parameters.AddWithValue("@telphonemobile", txttelephonemobile);
cmd.Parameters.AddWithValue("@company", cbocompany.Text);
cmd.Parameters.AddWithValue("@localiter", cbolocaliter.Text);
con.Open();
var NewIdentity = cmd.ExecuteScalar();
con.Close();
Once you get the basics fixed of C# talking to a database, people will be much more likely to help you out with any specific issues you are having with it