There are many mistakes in your SQL command. In fact your code is quite horrible; writing clean code would make most errors stand out much easier.
cmd = new OleDbCommand(@"INSERT INTO Teacher (ID ,Name ,Phone ,Gmail ,Address) VAlUS (" + Convert.ToInt32(textBox1.Text) + ",'" + textBox2.Text + "'," + Convert.ToInt32(textBox3.Text) + ",'" + textBox4.Text + ",'" + textBox5.Text + "')", con);
Some problems have already been mentioned by others, some haven't:
- typo in VALUES keyword;
- as cmd is a string, every part should be a string; e.g. textbox1.Text is converted to int and that is wrong; you could undo it by appending ToString() but that would be silly, the conversion is unnecessary, a sinple textbox1.Text should do (indeed, without single quotes as a numeric value is expected);
- assuming Phone is a typical phone number, it can't be a numeric field, as it might be quite long and leading zeroes would be significant, hence it must be stored as a string;
makes no sense whatsoever;
- your quotes are all wrong, e.g.
gets a single quote prefix but no single quote suffix??
Here are some suggestions writing more defensively:
- don't write multiline statements if you can avoid them; the compiler doesn't mind, however the human brain has trouble seeing errors in them.
- choose your identifier names carefully, do not just use textbox1, textbox2, ...
- user inputs must always be validated; it makes no sense to create some code where any input error would result at best in a vague error message, something like "syntax error in SQL statement". Therefore, first validate all the inputs, and if errors occur report them, otherwise start the SQL stuff. This also applies to a short-lived program for a single user, make it a habit to always validate user input!
- when you use SQL parameters rather than string concatenation, you not only avoid SQL attacks, but you also automatically get more but simpler statements, and everything looks much simpler, allowing you to see your mistakes yourself.