You better use parameters in SQL statement
sample code:
SqlCommand cmd = new SqlCommand("insert into [dbo].[CustomerInfo] (UserXUID, LastUpdatedTime) values (@UserXUID, @LastUpdatedTime)");
cmd.Parameters.AddWithValue("@UserXUID", XUID);
cmd.Parameters.AddWithValue("@LastUpdatedTime", DateTime.Now);
This also will save you from SQL injection attacks.
Few additional things, you are calling insert in a loop but not correctly handling the closing of the connection. you better use
using block
as below, it will close/dispose the object even you get exception middle of the process. When you set null values; use
DBNull.Value
using(SqlConnection cnn = new SqlConnection(yourconnectionString))
{
cnn.Open();
using(SqlCommand cmd = new SqlCommand("insert into [dbo].[CustomerInfo] (UserXUID,RefundType, LastUpdatedTime) values (@UserXUID,@RefundType, @LastUpdatedTime)"))
{
cmd.Parameters.AddWithValue("@UserXUID", XUID);
cmd.Parameters.AddWithValue("@RefundType", DBNull.Value);
cmd.Parameters.AddWithValue("@LastUpdatedTime", DateTime.Now);
cmd.ExecuteNonQuery();
}
}