First of all, all notes about
SqlInjection
are very important! So, please, read about it before you start doing anything.
Instead of such of statement:
command.CommandText = "insert into tblcustomer where customername='" + txt_customername.Text + "' and Name='" + txt_Name.Text + "' and Surname='" + txt_Surname.Text + "'";
you should use parameterized query:
command.CommandText = "INSERT INTO tblcustomer (customername, Name, Surname)
VALUES(@custname, @name, @surname)";
command.Parameters.AddWithValue("@custname", txt_customername.Text);
command.Parameters.AddWithValue("@name", txt_Name.Text);
command.Parameters.AddWithValue("@surname", txt_Surname.Text);
For further details, please see:
OleDbParameterCollection.AddWithValue Method (String, Object) (System.Data.OleDb)[
^]