Ok, so your not open to sql injection directly, but I would never advise using a textbox.text directly. You should handle errors first. Take this example:
private void button1_Click(object sender, EventArgs e)
{
int id;
if(!int.TryParse(textBox1.Text,out id) || id <= 0){
}
string name = textBox2.Text.trim();
if(string.isNullOrEmpty(name)){
}
SqlConnection cn = new SqlConnection("server=DESKTOP-7QODVGC\\SQLEXPRESS;uid=sa;database=employee;password=cdac");
cn.Open();
SqlCommand cmd = new SqlCommand("spinsert_3", cn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("Id",SqlDbType.Int){Value=id};
cmd.Parameters.Add("Name",SqlDbType.VarChar){Value=name};
try
{
cmd.ExecuteNonQuery();
cn.Close();
MessageBox.Show("Created");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
That will hopefully at least catch the issue
let me know ^_^
Andy