You may be way over-complicating things. Try the following code...
var connection = new SqlConnection(connectionString);
var cmd = new SqlCommand(insertSql, connection);
cmd.Parameters.AddWithValue("@UsrNme", txtUID.Text.ToString());
cmd.Parameters.AddWithValue("@fnbox", txtfn.Text.ToString());
cmd.Parameters.AddWithValue("@lnamebox", txtLN.Text.ToString());
cmd.Parameters.AddWithValue("@passtxtbx1", txtPassword.Text.ToString());
cmd.Parameters.AddWithValue("@passtxtbx1", txtPassword.Text.ToString());
cmd.Parameters.AddWithValue("@passtxtbx2", txtRePass.Text.ToString());
cmd.Parameters.AddWithValue("@emailbox", txtEmail.Text.ToString());
cmd.Parameters.AddWithValue("@DrDncoundrlst", txtCountry.Text.ToString());
cmd.Parameters.AddWithValue("@DropDownListSwestate", txtState.Text.ToString());
cmd.Parameters.AddWithValue("@citytxtbox", txtCity.Text.ToString());
try
{
cmd.Connection.Open();
cmd.ExecuteNonQuery();
cmd.Connection.Close();
lblmsg.Text = "You already completed your registration process";
}
catch (SqlException ex)
{
var errorMessage = "error in registration user";
errorMessage += ex.Message;
throw new Exception(errorMessage);
}
finally
{
con.Close();
}
You also want to make sure the you have the following using
clauses declared...
using System.Data;
using System.Data.SqlClient;
... and that txtCity
is what you actually called your text box and that it's not hidden from this method by a private
identifier or actually appears on a different form because the error you're getting means that the variable is outside the method's scope or has its lifetime expire before you reach this method.
Here's what all that code does. Instead of setting up tons of metadata that you should not need to declare your parameters, it lets SqlCommand do all the hard work for you and figure out what type is what based on the database column, the type of the object you passed in, and the name of the parameter. If you end up allowing the passing of invalid data, none of the elaborate metadata markup is going to save you from an error.
Likewise, you really want to look into wrapping your insertSql
into a stored procedure like so in Sql Server...
create procedure adduserinfo @UsrNme nvarchar (50),
@fnbox varchar (25),
@lnamebox varchar (25),
@passtxtbx1 varchar (25),
@passtxtbx2 varchar (25),
@emailbox varchar (25),
@DrDncoundrlst varchar (25),
@DropDownListSwestate varchar (25),
@citytxtbox varchar (25)
as begin
INSERT INTO UserInfo
( UID,
FN,
LN,
Password,
RePass,
Email,
Country,
State,
City )
VALUES
( @UsrNme,
@fnbox,
@lnamebox,
@passtxtbx1,
@passtxtbx2,
@emailbox,
@DrDncoundrlst,
@DropDownListSwestate,
@citytxtbox )
end
go
Then your SqlCommand
declaration would look like so...
var command = new SqlCommand("adduserinfo", connection)
{
CommandType = CommandType.StoredProcedure;
}
... and for the rest you'd follow the rest of the code I provided above. This would be the more or less proper way to do it. And at the risk of sounding nitpicky, consider more informative and consistently formatted variable and parameter names. Those who might have to modify your code in the future will thank you for it.