The proper way to do this; as previously stated; is via the use of the
Sql Parameters Collection[
^].
Now the easiest way to implement in your case is going to be break out the INSERT table and columns portion of your command into multiple lines like this
INSERT TblCheckOut
( Name
, Address
, Mobile
, RoomType
, InDate
, OutDate
, Days
, RoomCharge
, RoomBill
, Otherservices
, TotalBill
, Status
)
And then replicate that into your values, pre-pending an ampersand onto the various column names like this for the VALUES half of your query
VALUES
( @Name
, @Address
, @Mobile
, @RoomType
, @InDate
, @OutDate
, @Days
, @RoomCharge
, @RoomBill
, @Otherservices
, @TotalBill
, @Status
)
And then take those
values once again; copy them and pre-pend those lines with
cmd.Parameters.AddWithValue
(replace
cmd to reflect your SqlCommand variable name)
cmd.Parameters.AddWithValue("@Name", );
cmd.Parameters.AddWithValue("@Address", );
cmd.Parameters.AddWithValue("@Mobile", );
cmd.Parameters.AddWithValue("@RoomType", );
cmd.Parameters.AddWithValue("@InDate", );
cmd.Parameters.AddWithValue("@OutDate", );
cmd.Parameters.AddWithValue("@Days", );
cmd.Parameters.AddWithValue("@RoomCharge", );
cmd.Parameters.AddWithValue("@RoomBill", );
cmd.Parameters.AddWithValue("@Otherservices", );
cmd.Parameters.AddWithValue("@TotalBill", );
cmd.Parameters.AddWithValue("@Status", );
And then you fill in the values from your textboxes, dropdowns, etc... And we can now see which item you forgot
cmd.Parameters.AddWithValue("@Name", combocustomer.Text);
cmd.Parameters.AddWithValue("@Address", lbladdress.Text);
cmd.Parameters.AddWithValue("@Mobile", lblmobile.Text);
cmd.Parameters.AddWithValue("@RoomType", lbltype.Text);
cmd.Parameters.AddWithValue("@InDate", dateTimePicker1.Text);
cmd.Parameters.AddWithValue("@OutDate", dateTimePicker2.Text);
cmd.Parameters.AddWithValue("@Days", lbldays.Text);
cmd.Parameters.AddWithValue("@RoomCharge", txtroomcharge.Text);
cmd.Parameters.AddWithValue("@RoomBill", );
cmd.Parameters.AddWithValue("@Otherservices", txtOtherServices.Text);
cmd.Parameters.AddWithValue("@TotalBill", txtTotoalBill.Text);
cmd.Parameters.AddWithValue("@Status", combostatus.Text);
And actually in this state your program most likely won't compile.
Obviously once you got all of this worked out you can remove all of the line breaks; so your final code should be similar to this
string str = "INSERT TblCheckOut (Name,Address,Mobile,RoomType,InDate,OutDate,Days,RoomCharge,RoomBill,Otherservices,TotalBill,Status) VALUES (@Name,@Address,@Mobile,@RoomType,@InDate,@OutDate,@Days,@RoomCharge,@RoomBill,@Otherservices,@TotalBill,@Status)";
SqlCommand cmd = new SqlCommand(str, conn);
cmd.Parameters.AddWithValue("@Name", combocustomer.Text);
cmd.Parameters.AddWithValue("@Address", lbladdress.Text);
cmd.Parameters.AddWithValue("@Mobile", lblmobile.Text);
cmd.Parameters.AddWithValue("@RoomType", lbltype.Text);
cmd.Parameters.AddWithValue("@InDate", dateTimePicker1.Text);
cmd.Parameters.AddWithValue("@OutDate", dateTimePicker2.Text);
cmd.Parameters.AddWithValue("@Days", lbldays.Text);
cmd.Parameters.AddWithValue("@RoomCharge", txtroomcharge.Text);
cmd.Parameters.AddWithValue("@RoomBill", );
cmd.Parameters.AddWithValue("@Otherservices", txtOtherServices.Text);
cmd.Parameters.AddWithValue("@TotalBill", txtTotoalBill.Text);
cmd.Parameters.AddWithValue("@Status", combostatus.Text);
Now, some other observations about this:
1. All of your values are being put in as text; several appear to be numeric or dates
2. You have column names that are generally avoided as they are special or reserved words