Your code is vulnerable to
SQL Injection[
^].
NEVER use string concatenation to build a SQL query.
ALWAYS use a parameterized query.
using (SqlConnection conn = new SqlConnection("Data Source=UNITECHSYSTEM\\SQLEXPRESS;Initial Catalog=Rajj1;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand("INSERT INTO Reg_WebSite4(UID, PWD, EMail, Loc, Address, Sex, Lang, Accept) VALUES (@UID, @PWD, @EMail, @Loc, @Address, @Sex, @Lang, @Accept)", conn))
{
cmd.Parameters.AddWithValue("@UID", TextBoxUN.Text);
cmd.Parameters.AddWithValue("@PWD", PWD1.Text);
cmd.Parameters.AddWithValue("@EMail", Email.Text);
cmd.Parameters.AddWithValue("@Loc", LocList.Items[i]);
cmd.Parameters.AddWithValue("@Address", AddressTXT.Text);
cmd.Parameters.AddWithValue("@Sex", SexList.Items[j]);
cmd.Parameters.AddWithValue("@Lang", LangBox.Items[k]);
cmd.Parameters.AddWithValue("@Accept", AcceptBox.Text);
conn.Open();
cmd.ExecuteNonQuery();
}
It looks like you're storing passwords in plain text. That's a very bad idea. You should only ever store a salted hash of the password.
Secure Password Authentication Explained Simply[
^]
Salted Password Hashing - Doing it Right[
^]
MessageBox.Show
will not work in an ASP.NET application. If you're lucky, you'll get an exception telling you that the current process is not interactive. Otherwise, the message will display
on the server, where nobody will ever see it, and your code will hang waiting for someone to press "OK".
It might
appear to work when you're developing the site in Visual Studio; but that's only because the server and client are the same computer in that scenario.
The
"String or binary data would be truncated" error means that one of the values you're trying to insert is longer than the defined length of the column. Unfortunately, it doesn't tell you
which column is the problem. You'll need to debug your code, check the lengths of the values you're trying to insert, and compare them to the defined lengths of the columns.
(There's an active bug report[^] asking Microsoft to improve this error message in a future version of SQL Server.)