ERROR : Incorrect syntax near the keyword 'group'

Question

i am new to WEB developing . I am having an error while trying to insert data to my database : plz help me , the error i am getting is :

Server Error in '/musa/rental' Application.

Incorrect syntax near the keyword 'group'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near the keyword 'group'.

Source Error: 


    Line 41:             con.Open();
    Line 42:             SqlCommand objcmd = new SqlCommand("Insert into group(std1,std2,std3,std4) Values('" + usernames[1] + "','" + usernames[2]  +"','"+ usernames[3] + "','"+ usernames[4] + "')", con);
    Line 43:             objcmd.ExecuteNonQuery();
    Line 44:             con.Close();
    Line 45:             

    Source File: g:\musa\rental\addgroup.aspx.cs    Line: 43 

My addgroup.aspx file is -

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class addgroup : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        System.Collections.Specialized.NameValueCollection nvc = Request.Form;
        string[] usernames = new string[6];
        usernames[1] = ""; usernames[2] = ""; usernames[3] = ""; usernames[4] = "";


        if (!string.IsNullOrEmpty(nvc["username1"]))
        {
            usernames[1] = nvc["username1"];
        }
        if (!string.IsNullOrEmpty(nvc["username2"]))
        {
            usernames[2] = nvc["username2"];
        }
        if (!string.IsNullOrEmpty(nvc["username3"]))
        {
            usernames[3] = nvc["username3"];
        }
        if (!string.IsNullOrEmpty(nvc["username4"]))
        {
            usernames[4] = nvc["username4"];
        }

        if (!string.IsNullOrEmpty(nvc["username1"]))
        {
            Label1.Text = nvc["username1"];
            SqlConnection con = new SqlConnection();
            con.ConnectionString = ConfigurationManager.ConnectionStrings["mycon"].ConnectionString;
            con.Open();
            SqlCommand objcmd = new SqlCommand("Insert into group (std1,std2,std3,std4) Values ('" + nvc["username1"] + "','" + nvc["username2"] + "','" + nvc["username3"] + "','" + nvc["username4"] + "')", con);
            objcmd.ExecuteNonQuery();
            con.Close();

        }
        else
        {
            Label1.Text = "sorry!";
        }
    }
}

Answer 1

GROUP is a reserved keyword , if you really want to use it as a tablename (a very bad practice in my opinion) then you need to encapsulate it in square brackets

SqlCommand objcmd = new SqlCommand("Insert into [group] (std1,std2,std3,std4) Values ...

Said that, I wish to suggest learning how to write parameterized query instead of string concatenations. Your code is very weak and it easily crackable using Sql Injection .

See example in SqlCommand.Parameters MSDN documentation