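Don't do it that way.
Use parameterized SQL queries: the statement text stays constant and the values are passed as typed parameters, so user input is never parsed as SQL.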
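// Inserts one row into Events with a parameterized command. The SQL text is a
// constant string and the values are bound as typed parameters, so nothing
// supplied by the caller is concatenated into the statement.
// The using blocks dispose the command and close the connection even when
// Open() or ExecuteNonQuery() throws; the original only closed the connection
// on the success path.
using (SqlConnection objConnection = new SqlConnection(_ConnectionString))
using (SqlCommand objCommand = new SqlCommand(
    "INSERT INTO Events(EventName,EventDate) VALUES(@EventName,@EventDate)",
    objConnection))
{
    objConnection.Open();

    SqlParameter parameter1 = new SqlParameter
    {
        ParameterName = "@EventName",
        SqlDbType = SqlDbType.NVarChar,
        Direction = ParameterDirection.Input,
        Value = categoryName
    };
    objCommand.Parameters.Add(parameter1);

    SqlParameter parameter2 = new SqlParameter
    {
        ParameterName = "@EventDate",
        SqlDbType = SqlDbType.DateTime,
        Direction = ParameterDirection.Input,
        // NOTE(review): @EventDate is bound to categoryName, the same value as
        // @EventName. This looks like a copy-paste slip; bind the event's
        // date value here instead (confirm against the caller).
        Value = categoryName
    };
    objCommand.Parameters.Add(parameter2);

    objCommand.ExecuteNonQuery();
}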
BTW, don't write database-related code in your form or page; put it in a separate layer. Refer to this article:
Three Layer Architecture in C# .NET