SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES ('" + UT + "')", conn);
Don't do it like that!
Your code is vulnerable to SQL Injection
use string concatenation/interpolation to build a SQL query. ALWAYS
use a parameterized query.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
And it just so happens that by fixing this critical security vulnerability in your code, you will also
fix your encoding problem as a free bonus. Instead of concatenating your text into your SQL command as a non-Unicode literal, you will pass it through as a Unicode parameter. So long as your table column is defined as
, your Arabic text will be stored and retrieved correctly.
using (SqlCommand sqlcmd = new SqlCommand("INSERT INTO YETBCountor (YETBType) VALUES (@YETBType)", conn))