
How to insert data from radiobutton and combobox to table in MS Sql

I am working on building an application with C# WF. I created an employee table in an MS SQL database. I have two radio buttons for gender (male and female). Depending on which radio button the user clicks (male or female), I would like to write a SQL statement that inserts one of the two radio button choices. The same thing applies to the combobox: when the user selects an item from the combobox, I want that data saved in the table. I googled the question and didn't find the right answer. There is one posted here on Feb 7th, but the question was unanswered. I am not sure how to write the code for the combobox.

    ("INSERT INTO Employeess(EmpID,FirstName,LastName,Salary,desgnation,gender) " +
                            "values ('" + textBox1.Text + "','" +
                                         textBox2.Text + "','" +
                                         textBox3.Text + "','" +
                                         textBox4.Text + "','" +
                                         textBox5.Text + "','" +
                                         radioButton1.Checked + "' )");

Any help is very much appreciated.

Use the bit data type for your column. Then you can insert the radioButton1.Checked value directly using SQL parameters.

Since you haven't provided the full code, try:

    ("INSERT INTO Employeess(EmpID,FirstName,LastName,Salary,desgnation,gender) " +
                            "values ('" + textBox1.Text + "','" +
                                         textBox2.Text + "','" +
                                         textBox3.Text + "','" +
                                         textBox4.Text + "','" +
                                         textBox5.Text + "'," +
                                         (radioButton1.Checked ? "1" : "0") + " )");

I completely changed my code and it works. I am now using SqlCommand.Parameters.AddWithValue. When I googled for solutions, I found out that the previous code is vulnerable to SQL injection. Thanks for the help. Below is my complete code for saving data into the database from textboxes, a combobox and radio buttons.

    // Requires: using System; using System.Data.SqlClient; using System.Windows.Forms;
    private void btnSave_Click(object sender, EventArgs e)
    {
        try
        {
            DataValidateAndDateFormat();

            string strGender;
            string strConnectionString = @"Data Source = KK\SQLEXPRESS; Integrated Security = SSPI; Initial Catalog = JeanDB";

            // Read the form values. Convert.ToInt32 throws on non-numeric or
            // out-of-range input; the catch block below reports it.
            string strEmpID = txtEmpID.Text.Trim();
            string strFirstName = txtFirstName.Text.Trim();
            string strLastName = txtLastName.Text.Trim();
            string strDesignation = txtDesignation.Text.Trim();
            int iSalary = Convert.ToInt32(txtSalary.Text.Trim());
            string strAddress = txtAddress.Text.Trim();
            int iZipCode = Convert.ToInt32(txtZipCode.Text.Trim());
            int iPhone = Convert.ToInt32(txtPhone.Text.Trim());
            string strEmail = txtEmail.Text.Trim();
            DateTime dtDOB = dtPickerDOB.Value;

            // Combobox: take the selected item as text.
            string strNationality = comboNationality.SelectedItem.ToString();

            // Radio buttons: store the selected gender as text.
            if (rbMale.Checked)
                strGender = "Male";
            else
                strGender = "Female";

            string strUserName = txtUserName.Text.Trim();
            // The password is stored exactly as typed (plain text).
            string strPassword = txtPassword.Text.Trim();

            // The SQL text is constant; user input is passed only as parameter values.
            string query = "INSERT INTO Employees(EmployeeID, FirstName, LastName, Designation, Salary, Address, ZipCode, Phone, Email, DOB, Nationality, Gender, Username, Password) " +
                           "VALUES(@strEmpID, @strFirstName, @strLastName, @strDesignation, @iSalary, @strAddress, @iZipCode, @iPhone, @strEmail, @dtDOB, @strNationality, @strGender, @strUserName, @strPassword)";

            // using blocks close the connection and command even if an exception is thrown.
            using (SqlConnection cn = new SqlConnection(strConnectionString))
            using (SqlCommand InsertCommand = new SqlCommand(query, cn))
            {
                cn.Open();

                InsertCommand.Parameters.AddWithValue("@strEmpID", strEmpID);
                InsertCommand.Parameters.AddWithValue("@strFirstName", strFirstName);
                InsertCommand.Parameters.AddWithValue("@strLastName", strLastName);
                InsertCommand.Parameters.AddWithValue("@strDesignation", strDesignation);
                InsertCommand.Parameters.AddWithValue("@iSalary", iSalary);
                InsertCommand.Parameters.AddWithValue("@strAddress", strAddress);
                InsertCommand.Parameters.AddWithValue("@iZipCode", iZipCode);
                InsertCommand.Parameters.AddWithValue("@iPhone", iPhone);
                InsertCommand.Parameters.AddWithValue("@strEmail", strEmail);
                InsertCommand.Parameters.AddWithValue("@dtDOB", dtDOB);
                InsertCommand.Parameters.AddWithValue("@strNationality", strNationality);
                InsertCommand.Parameters.AddWithValue("@strGender", strGender);
                InsertCommand.Parameters.AddWithValue("@strUserName", strUserName);
                InsertCommand.Parameters.AddWithValue("@strPassword", strPassword);

                InsertCommand.ExecuteNonQuery();
            }

            MessageBox.Show("New Employee's Data has been added successfully");
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }
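Added example, not part of any post above: a console sketch that contrasts the concatenated statement from the question with a parameterized command using the bit column suggested in the first answer, and handles a combobox with nothing selected. The class and method names, the reduced column list, the `nvarchar` sizes and the sample values are assumptions made for illustration; no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class EmployeeInsertDemo   // hypothetical name, for illustration only
{
    // Concatenated form, as in the question: user input becomes part of the SQL text.
    static string BuildConcatenated(string empId, string lastName, bool isMale)
    {
        return "INSERT INTO Employees(EmployeeID, LastName, Gender) VALUES ('"
             + empId + "','" + lastName + "'," + (isMale ? "1" : "0") + ")";
    }

    // Parameterized form: the SQL text is constant and every value travels
    // separately with an explicit type (column types and sizes are assumed).
    static SqlCommand BuildParameterized(string empId, string lastName,
                                         bool isMale, string nationality)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Employees(EmployeeID, LastName, Gender, Nationality) " +
            "VALUES (@EmployeeID, @LastName, @Gender, @Nationality)");
        cmd.Parameters.Add("@EmployeeID", SqlDbType.NVarChar, 20).Value = empId;
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName;
        // Radio button state maps directly onto a bit column.
        cmd.Parameters.Add("@Gender", SqlDbType.Bit).Value = isMale;
        // ComboBox.SelectedItem is null when nothing is selected:
        // send NULL instead of letting ToString() throw.
        cmd.Parameters.Add("@Nationality", SqlDbType.NVarChar, 50).Value =
            (object)nationality ?? DBNull.Value;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: an ordinary surname containing a single quote.
        string lastName = "O'Brien";

        // The quote ends the string literal early, so the statement text is malformed.
        Console.WriteLine(BuildConcatenated("E100", lastName, true));

        // The command text is unchanged; the quote is just data in a parameter.
        using (SqlCommand cmd = BuildParameterized("E100", lastName, true, null))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
        }
    }
}
```

In a form handler, the same command would be given a connection and run with ExecuteNonQuery inside a using block.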
