Do not concatenate values to your SQL statement, instead use
SqlParameter[
^]
The other thing is that you initialize the dt1 and dt to the same value and never change them. Perhaps the code should look like
...
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
st = "insert into tbl_time(time_in) values('" + dt.ToString("hh:mm:ss") + "')";
db.ExeQuery(st);
dt1 = DateTime.Now;
}
}
...
Well, actually with parameters the code should look like
...
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
st = "insert into tbl_time(time_in) values(@timevalue)";
db.ExeQuery(st);
dt1 = DateTime.Now;
}
}
...