1) You can't just dump a small snippet of code and ask someone else to write the rest for you. It simply doesn't work that way.
2) When you write a query, use paramaterized queries, not inline concatenation as you have it written. (
How To: Paramaterized Queries)
3) You must ensure that the IDs of the textboxes in your UI match those used in your code.