Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Apr 05, 2012 12:32 AM|LINK
Just to emphasize what the others have already contributed. You are not passing in the required number of fields for your table. Did you set a primary key on the table? If so, does it auto increment, or do you have to set that field yourself? That is
most likely what is missing, but impossible to say without looking at the table schema.
I agree with the SQL Injection issue. Never append your values into a dynamic sql query like that. It is bad, bad, bad news. There are many resources out there that can point you in the direction for securing your sql queries. Here is one of those resources
that might be helpful: http://software-security.sans.org/developer-how-to/fix-sql-injection-microsoft-.net-with-parameterized-queries