NOOOO!!!
You are wide open to sql insertions. That's a very, very bad thing!
An the error is in
" INSERT INTO EMPLOYEE 1
wither the 1 shouldn't be there, or if the table is called EMPLOYEE 1 then add square braces to sql knows it's a single term:
using (SqlConnection conn = new SqlConnection())
{
String Query =
" INSERT INTO [EMPLOYEE 1](Name,Father,CNIC,Mobile,City,State) VALUES (@name,@father,@cnic,@mobile,@city,@state);";
using (SqlCommand command = conn.CreateCommand())
{
command.CommandType = CommandType.Text;
command.CommandText = Query;
command.Parameters.AddRange(new[]
{
new SqlParameter("@name", SqlDbType.NVarChar) {Value = textName.Text},
new SqlParameter("@father", SqlDbType.NVarChar) {Value = textFather.Text},
new SqlParameter("@cnic", SqlDbType.NVarChar) {Value = textCNIC.Text},
new SqlParameter("@mobile", SqlDbType.NVarChar) {Value = textMobile.Text},
new SqlParameter("@city", SqlDbType.NVarChar) {Value = textCity.Text},
new SqlParameter("@state", SqlDbType.NVarChar) {Value = textState.Text},
});
conn.Open();
command.ExecuteNonQuery();
conn.Close();
}
}
You don't need the data adapter. Inserts do not return values. The return a single int telling you how many rows were affected.
Look into SQL Injection. Using parameters should protect you to a good degree. Any parameters are encoded so as to disallow injection.
On the subject of SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection[
^]
My father is '; drop table * ;'. His mates called him 'droppy' for short.
Please use this solution as an addition to the first. Debasish Mishra is correct about the connection string best practice.
EDIT: forgot to open the connection #^_^#