Yes: instead of string concatenation, use parameterized queries:
OleDbCommand cmd = new OleDbCommand("Insert into Student(FirstName,LastName)Values(@FirstName,@LastName)", con);
cmd.Parameters.AddWithValue("@FirstName", textBox1.Text);
cmd.Parameters.AddWithValue("@LastName", textBox2.Text);
The advantages of this:
- It's easier to read: there are less quotes to be confused about, so it's harder to have a syntax error here.
- Your original code has an SQL injection[^] vulnerability, which is closed by using parameterized queries.