Insert into ITCircular(title,type,url1,url2) values('" + txttitle.Text + "','" + txttype.Text + "','" + path + "','" + path1 + "')
It is unsafe method to write query as above.We should use parametrized query.
to avoid website hacking ,
you can use encryption/Decryption techniques.