Your query has an error.
The correct query is:
string value1, value2, value3;
:
:
:
cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values (@ProductID, @ProductName, @Price)";
Then set Parameters by:
cmd.Parameters.Add(new SqlParameter("@ProductID",value1));
cmd.Parameters.Add(new SqlParameter("@ProductName",value2));
cmd.Parameters.Add(new SqlParameter("@SellingPrice",value3));
or as a RISKY SHORTCUT, you can do this (or use only for localhost):
cmd.CommandText = "Insert into Cart (ProductID, ProductName, SellingPrice) values ('"+value1+"','"+value2+"','"+value3+"')";
You do this and there's no need of setting any Parameters. But at the same time will increase possibility of SQL injection attacks. So, code at your own RISK!
Good Luck for SQLing!!