Exception unhandled SQL INTO

Question

I am currently creating a sign in and out form and am trying to make the sign in part work this will link data from textboxes from ac# form to an SQL database

My question is: what is the syntax error in this system?

I currently get the message:

System.Data.SqlClient.SqlException: 'Incorrect syntax near the keyword 'INTO'.'

My code is:

 private void AcceptData()
    {
        using (Connection = new SqlConnection(connectionString))
        {
            Connection.Open();

            using (SqlDataAdapter adapter = new SqlDataAdapter("INPUT INTO Person", Connection))//this is currently where it says the error is
            {
                DataTable RegisterTable = new DataTable();
                adapter.Fill(RegisterTable); //System.InvalidOperationException: 'The ConnectionString property has not been initialized.' TO FIX

                string name = textBox1.Text;
                string organisation = textBox3.Text;
                DateTime Time = DateTime.Parse(textBox2.Text);
                string strDateTimeIn = Time.ToString("yyyy-MM-dd HH:mm:ss.ffff");
                string query = "INSERT INTO Person (Name,Organisation,TimeIn) VALUES('" + name + "','" + organisation + "','" + strDateTimeIn + "')";
                SqlCommand SignIn = new SqlCommand(query, Connection);
                SignIn.ExecuteNonQuery(); // this should be fine currently

            }
        }

    }

Please help, thanks in advance Tom

Answer 1

Here is (almost) how I would write it if I had to use ADO.Net only:

DateTime timeIn;
// I would rather use TryParseExact, I just don't know what format you expect...
if(DateTime.TryParse(textBox2.Text, out timeIn)) 
{
    using (var Connection = new SqlConnection(connectionString))
    {
        string query = "INSERT INTO Person (Name,Organisation,TimeIn) VALUES(@Name, @Organisation, @TimeIn)";
        using(var SignIn = new SqlCommand(query, Connection))
        {
            SignIn.Parameters.Add("@Name", SqlDbType.NVarChar).Value = textBox1.Text;
            SignIn.Parameters.Add("@Organisation", SqlDbType.NVarChar).Value = textBox3.Text;
            SignIn.Parameters.Add("@TimeIn", SqlDbType.DateTime).Value = timeIn;
            Connection.Open();
            SignIn.ExecuteNonQuery(); // this should be fine currently
        }
    }
}

With ADONETHelper (a project I wrote you can download from GitHub) I would do it like this:

DateTime timeIn;
// Still prefer to use TryParseExact....
if(DateTime.TryParse(textBox2.Text, out timeIn))
{
    var query = "INSERT INTO Person (Name,Organisation,TimeIn) VALUES(@Name, @Organisation, @TimeIn)";
    var parameters = new IDbDataParameter[]
    {
        _DB.CreateParameter("@Name", ADONETType.NVarChar, textBox1.Text),
        _DB.CreateParameter("@Organisation", ADONETType.NVarChar, textBox3.Text),
        _DB.CreateParameter("@TimeIn", ADONETType.DateTime, timeIn)
    };
    _DB.ExecuteNonQuery(query, CommandType.Text, parameters);
}

Now in this case it only saves you 4 lines of code, but usually a single project contains many calls to the database - selecting, adding, editing and deleting records. This is when you see ADONETHelper's contribution - It saves you from a lot of code repetitions and encapsulate most of the ADO.Net plumbing for you.