No.
For starters, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And it very particularly won't work at all when you write it as a stored procedure, because that is executed in SQL Server, which doesn't have any access to your C# code variables.
Create a simple stored procedure to insert:
CREATE PROC [dbo].Sample
@ID varchar(100)
@VAL varchar(100)
AS
BEGIN
INSERT INTO MyTable (Id, ValueColumnName) VALUES (@ID, @VAL)
END
And then use it in your C# code:
using (SqlConnection con = new SqlConnection(strConnect))
{
con.Open();
using (SqlCommand com = new SqlCommand("Sample", con))
{
com.CommandType = CommandType.StoredProcedure;
com.Parameters.AddWithValue("@ID", id);
com.Parameters.AddWithValue("@VAL", "This goes in the DB");
com.ExecuteNonQuery();
}
con.Close();
}
Try that, get it working on a test DB, and then use the same principles to create one suitable for your task.