Don't build your SQL query like you do ; better create a
SqlCommand
object, and add
SqlParameter
s to it.
For example :
string commandText = "INSERT INTO wbtrans VALUES(@recId, @termCode2)"
using (SqlConnexion cnx = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand(commandText, cnx))
{
cnx.Open();
cmd.Parameters.AddWithValue("@recId", int.Parse(lblRecID.Text));
cmd.Parameters.AddWithValue("@termCode2", cboTermCode2.Text);
int result = cmd.ExecuteNonQuery();
}
I didn't put all the fields, but the scheme is the same.
I assumed recId id an integer, and termCode2 is a string. You have to pass the correct field type when you assign your parameters values.
Edited: forgot to open the connection