Insert statement into SQL Server db

Question

I'm developing an ASP.NET MVC Web Application using SQL Server.

I am trying to INSERT a new entry into my database and I don't understand what am I doing wrong.

I get an exception on the line:

command.ExecuteNonQuery();

The code is:

try
            {
                SqlConnection connection = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=UniversityManager;Integrated Security=True");

                using (connection)
                {
                    //SqlCommand command = new SqlCommand(
                    //    "INSERT INTO Students VALUES(@Id, @Name, @Surname, @Year, @PhoneNumber, @Cnp);",
                    //    connection);
                    connection.Open();
                    String sql = "INSERT INTO Students(Id,Name,Surname,Year,PhoneNumber,Cnp) " +
                        "VALUES (@Id, @Name, @Surname, @Year, @PhoneNumber, @Cnp)";
                    SqlCommand command = new SqlCommand(sql, connection);
                    command.Parameters.Add("@Id", SqlDbType.Int);
                    command.Parameters["@Id"].Value = 5;

                    command.Parameters.Add("@Name", SqlDbType.VarChar);
                    command.Parameters["@Name"].Value = collection.Name;

                    command.Parameters.Add("@Surname", SqlDbType.VarChar);
                    command.Parameters["@Surname"].Value = collection.Surname;

                    command.Parameters.Add("@Year", SqlDbType.Int);
                    command.Parameters["@Year"].Value = collection.Year;

                    command.Parameters.Add("@PhoneNumber", SqlDbType.VarChar);
                    command.Parameters["@PhoneNumber"].Value = collection.PhoneNumber;

                    command.Parameters.Add("@Cnp", SqlDbType.VarChar);
                    command.Parameters["@Cnp"].Value = collection.Cnp;

                    command.ExecuteNonQuery();
                    connection.Close();
                }

                return RedirectToAction("Index");
            }
            catch
            {
                return View();
            }
        }

Thank you!

Answer 1

YEAR is a reserved keyword for Sql Server. So, if you really have a column with that name, then you need to enclose it in square brackets every time you refer to it. Better change that name

 String sql = "INSERT INTO Students(Id,Name,Surname,[Year],PhoneNumber,Cnp) " +
              "VALUES (@Id, @Name, @Surname, @Year, @PhoneNumber, @Cnp)";

Another possibility is the Id column. If this column has the IDENTITY property set to true, then you should not set a value for it. It is automatically calculated by the database engine.

Looking at your innerexception message, it seems the problem is due to one or more of your parameters contains more text than allowed by the database field size.
You could try something like this (for each varchar parameter)

 // Assuming the Name field is defined as varchar(15)
 command.Parameters.Add("@Name", SqlDbType.VarChar, 15);
 command.Parameters["@Name"].Value = collection.Name;

Answer 2

The String or binary data would be truncated exception means you're trying to insert a value that is too large for one of the columns in your Student table. For example, your Name field has a maximum length of 10 but you're trying to insert a 15 character name.

Check the values you're inserting and see if they're too large for the columns.