Try this:
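/// <summary>
/// Inserts one row into the DailyMaterial table from the date picker and the
/// twenty text boxes on the form, using a parameterised INSERT statement.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    // User-entered values never become part of the SQL text; only placeholders do.
    string sql = "insert into DailyMaterial (Dat,[Milk Powder],[Corn Flour],Flour,[Ammonium Bi Carbonate],[Sodium Bi Carbonate]," +
        "[Baking Powder],[Acid Sodium Pyro Phospate],[Calcium Carbonate],[Coca POwder Normal],[Coca Powder Black],[Glucose Powder],[Sweet Cocnut]," +
        "[Ethyl Vanillin],[Citric Acid],Caramel,Lecithin,[Gulucose Lquid],Sugar,Salt,[Vegetable Fat]) values ( " +
        "@Dat,@Milk_Powder,@Corn_Flour,@Flour,@Ammonium_Bi_Carbonate,@Sodium_Bi_Carbonate,@Baking_Powder,@Acid_Sodium_Pyro_Phospate,@Calcium_Carbonate,@Coca_POwder_Normal,@Coca_Powder_Black,@Glucose_Powder,@Sweet_Cocnut,@Ethyl_Vanillin,@Citric_Acid,@Caramel,@Lecithin,@Gulucose_Lquid,@Sugar,@Salt,@Vegetable_Fat)";

    try
    {
        con.Open();

        // Dispose the command deterministically once the insert has run.
        using (OleDbCommand cmd = new OleDbCommand(sql, con))
        {
            // The OLE DB provider binds parameters by position, not by name, so these
            // calls must stay in the same order as the placeholders in the statement.
            // NOTE(review): every text box is bound as a string; if the columns are
            // numeric, parse and range-check the input before binding - confirm
            // against the table schema.
            cmd.Parameters.AddWithValue("@Dat", dateTimePicker1.Value);
            cmd.Parameters.AddWithValue("@Milk_Powder", textBox1.Text);
            cmd.Parameters.AddWithValue("@Corn_Flour", textBox2.Text);
            cmd.Parameters.AddWithValue("@Flour", textBox3.Text);
            cmd.Parameters.AddWithValue("@Ammonium_Bi_Carbonate", textBox4.Text);
            cmd.Parameters.AddWithValue("@Sodium_Bi_Carbonate", textBox5.Text);
            cmd.Parameters.AddWithValue("@Baking_Powder", textBox6.Text);
            cmd.Parameters.AddWithValue("@Acid_Sodium_Pyro_Phospate", textBox7.Text);
            cmd.Parameters.AddWithValue("@Calcium_Carbonate", textBox8.Text);
            cmd.Parameters.AddWithValue("@Coca_POwder_Normal", textBox9.Text);
            cmd.Parameters.AddWithValue("@Coca_Powder_Black", textBox10.Text);
            cmd.Parameters.AddWithValue("@Glucose_Powder", textBox11.Text);
            cmd.Parameters.AddWithValue("@Sweet_Cocnut", textBox12.Text);
            cmd.Parameters.AddWithValue("@Ethyl_Vanillin", textBox13.Text);
            cmd.Parameters.AddWithValue("@Citric_Acid", textBox14.Text);
            cmd.Parameters.AddWithValue("@Caramel", textBox15.Text);
            cmd.Parameters.AddWithValue("@Lecithin", textBox16.Text);
            cmd.Parameters.AddWithValue("@Gulucose_Lquid", textBox17.Text);
            cmd.Parameters.AddWithValue("@Sugar", textBox18.Text);
            cmd.Parameters.AddWithValue("@Salt", textBox19.Text);
            cmd.Parameters.AddWithValue("@Vegetable_Fat", textBox20.Text);

            cmd.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
    finally
    {
        // Close on every path: without this, a failed insert leaves the shared
        // connection open and the next click fails in con.Open().
        // Close() on an already-closed connection does nothing.
        con.Close();
    }
}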
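You should always use a parameterised query instead of concatenating string values to form a query/statement; concatenation leaves the statement open to SQL injection attacks. Parameter values are passed to the provider as data and are never parsed as part of the SQL text.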