Error With Dynamically Created SQL Insert statementcmd.CommandText = "INSERT I

1. Error With Dynamically Created SQL Insert statement
2. cmd.CommandText = "INSERT INTO LogIn(Username,Password) VALUES('" + AddUsernameTextBox.Text + "','" + AddPasswordTextBox.Text + "')";
3.  
4. cmd.CommandText = "INSERT INTO LogIn([Username],[Password]) VALUES('" + AddUsernameTextBox.Text + "','" + AddPasswordTextBox.Text + "')";
5.  
6. command.CommandText = "INSERT INTO Login([Username],[Password]) VALUES(@Username, @Password)";
7.  
8. //Not sure how you create your commands in your project
9. //here I'm using the ProviderFactory to create instances of provider specific DbCommands.
10.  
11. var parameter = dbProviderFactory.CreateParameter();
12. parameter.DbType = System.Data.DbType.String;
13. parameter.ParameterName = "@Username";
14. parameter.Value = AddUsernameTextBox.Text;
15. command.Parameters.Add(parameter);
16.  
17. parameter = dbProviderFactory.CreateParameter();
18. parameter.DbType = System.Data.DbType.String;
19. parameter.ParameterName = "@Password";
20. parameter.Value = AddPasswordTextBox.Text;
21. command.Parameters.Add(parameter);
22.  
23. ConnectionStringSettings connectionStringSettings = ConfigurationManager.ConnectionStrings["SomeConnectionName"];
24. if (connectionStringSettings == null)
25. throw new Exception("Application config file does not contain a connectionStrings section with a connection called "SomeConnectionName"");
26. DbProviderFactory dbProviderFactory = DbProviderFactories.GetFactory(connectionStringSettings.ProviderName);
27. using (var dbConnection = dbProviderFactory.CreateConnection())
28. {
29. dbConnection.ConnectionString = connectionStringSettings.ConnectionString;
30. dbConnection.Open();
31. using (var command = dbConnection.CreateCommand())
32. {
33. command.CommandText = "INSERT INTO Login([Username],[Password]) VALUES(@Username, @Password)";
34.  
35. var parameter = dbProviderFactory.CreateParameter();
36. parameter.DbType = System.Data.DbType.String;
37. parameter.ParameterName = "@Username";
38. parameter.Value = AddUsernameTextBox.Text;
39. command.Parameters.Add(parameter);
40.  
41. parameter = dbProviderFactory.CreateParameter();
42. parameter.DbType = System.Data.DbType.String;
43. parameter.ParameterName = "@Password";
44. parameter.Value = AddPasswordTextBox.Text;
45. command.Parameters.Add(parameter);
46.  
47. var dbTransaction = dbConnection.BeginTransaction();
48. try
49. {
50. command.ExecuteNonQuery();
51. dbTransaction.Commit();
52. }
53. catch (Exception)
54. {
55. dbTransaction.Rollback();
56. throw;
57. }
58. }
59. }
60.  
61. <?xml version="1.0" encoding="utf-8" ?>
62. <configuration>
63. <connectionStrings>
64. <add name="SomeConnectionName" providerName="System.Data.OleDb" connectionString="Your Provider Specific Connection String" />
65. </connectionStrings>
66. </configuration>
67.  
68. using (var con = new OleDbConnection(_constring))
69. {
70. con.Open();
71. using (
72. var cmd =
73. new OleDbCommand(
74. "UPDATE LogIn SET Username=@Username, Password=@Password WHERE (ID = @Id)",
75. con))
76. {
77. try
78. {
79.  
80. cmd.Parameters.AddWithValue("@Username",EditUsernameTextBox.Text);
81. cmd.Parameters.AddWithValue("@Password",EditPasswordTextBox.Text);
82. cmd.Parameters.AddWithValue("@Id",IDTextBox.Text);
83.  
84.  
85. cmd.ExecuteNonQuery();
86. }
87. catch (Exception ex)
88. {
89. throw;
90. }
91. finally
92. {
93. con.Close();
94. }
95.  
96. }
97.  
98. ' ; DROP TABLE login
99.  
100. "UPDATE
101. LogIn
102. SET
103. Username = '" + EditUsernameTextBox.Text + "'
104. ,Password = '" + EditPasswordTextBox.Text + "'
105. WHERE
106. (ID = '" + IDTextBox.Text + "')";
107.  
108. WHERE (ID ='" + IDTextBox.Text + "')";