How do I to insert data into an SQL table using C# as well as implement an upload function?
You should use parameters in your query to prevent attacks, like if someone entered '); drop table ArticlesTBL;--'
as one of the values.
string query = "INSERT INTO ArticlesTBL (ArticleTitle, ArticleContent, ArticleType, ArticleImg, ArticleBrief, ArticleDateTime, ArticleAuthor, ArticlePublished, ArticleHomeDisplay, ArticleViews)";query += " VALUES (@ArticleTitle, @ArticleContent, @ArticleType, @ArticleImg, @ArticleBrief, @ArticleDateTime, @ArticleAuthor, @ArticlePublished, @ArticleHomeDisplay, @ArticleViews)";SqlCommand myCommand = new SqlCommand(query, myConnection);myCommand.Parameters.AddWithValue("@ArticleTitle", ArticleTitleTextBox.Text);myCommand.Parameters.AddWithValue("@ArticleContent", ArticleContentTextBox.Text);// ... other parametersmyCommand.ExecuteNonQuery();
using System;using System.Data;using System.Data.SqlClient;namespace InsertingData{ class sqlinsertdata { static void Main(string[] args) { try { SqlConnection conn = new SqlConnection("Data source=USER-PC; Database=Emp123;User Id=sa;Password=sa123"); conn.Open(); SqlCommand cmd = new SqlCommand("insert into <Table Name>values(1,'nagendra',10000);",conn); cmd.ExecuteNonQuery(); Console.WriteLine("Inserting Data Successfully"); conn.Close(); } catch(Exception e) { Console.WriteLine("Exception Occre while creating table:" + e.Message + "\t" + e.GetType()); } Console.ReadKey(); } }}