Don't do it this way; use a parametrized query or SPs to avoid SQL injection attacks.
You can do it this way:
// requires: using System.Data.SqlClient;
string db1 = textbox1.Text;
string str = "Data Source=ABC-Pc\\SQLEXPRESS;Initial Catalog=mydb;Integrated Security=True";
SqlConnection conn = new SqlConnection(str);
conn.Open();
// @dbfield1 is a placeholder; the value is sent separately from the SQL text
string insertquery = "insert into marksheets(dbfield1) values(@dbfield1)";
SqlCommand cmd = new SqlCommand(insertquery, conn);
cmd.Parameters.AddWithValue("@dbfield1", db1);
cmd.ExecuteNonQuery();
conn.Close();
Like this, you can add as many fields as you want.
Hope this helps :)
For further queries, comment here!!
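
The same insert extended to two fields, as an added example that is not part of the original answer. It uses explicitly typed parameters and `using` blocks; the column `dbfield2`, the column types (nvarchar(50), int) and the class and method names are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class MarksheetInsert
{
    // dbfield2 and the column types are assumed; only dbfield1 appears in the answer.
    const string InsertSql =
        "insert into marksheets(dbfield1, dbfield2) values(@dbfield1, @dbfield2)";

    // Builds the command. User input only ever appears as parameter values,
    // never as part of the SQL text.
    public static SqlCommand BuildInsert(SqlConnection conn, string field1, int field2)
    {
        var cmd = new SqlCommand(InsertSql, conn);
        // Explicit type and size instead of AddWithValue's type inference.
        cmd.Parameters.Add("@dbfield1", SqlDbType.NVarChar, 50).Value = field1;
        cmd.Parameters.Add("@dbfield2", SqlDbType.Int).Value = field2;
        return cmd;
    }

    // Opens the connection, runs the insert, and disposes both objects.
    public static int Insert(string connectionString, string field1, int field2)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(conn, field1, field2))
        {
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows affected
        }
    }

    static void Main()
    {
        // Constructed sample input: the quote would break a concatenated query.
        string input = "O'Brien";
        string connStr = "Data Source=ABC-Pc\\SQLEXPRESS;Initial Catalog=mydb;Integrated Security=True";
        // The connection is never opened here, so this runs without a database.
        using (var conn = new SqlConnection(connStr))
        using (var cmd = BuildInsert(conn, input, 87))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

`Main` only prints the command text and its parameters, which shows the SQL string stays fixed whatever the input is; call `Insert` to run it against the database.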