There are two errors in your code
Change
Dim sql As String = "INSERT INTO [User] (Staff_ID, Staff_Role, Staff_Name, Username, Password) VALUES ('" & txtStaffID.Text & "', '" & cboRole.Text & "', '" & txtStaffName.Text & "', '" & txtUsername.Text & "', '" & txtPassword.Text & "' ) "
to
Dim sql As String = "INSERT INTO [User] (Staff_ID, Staff_Role, Staff_Name, Username, [Password]) VALUES ('" & txtStaffID.Text & "', '" & cboRole.Text & "', '" & txtStaffName.Text & "', '" & txtUsername.Text & "', '" & txtPassword.Text & "' ) "
Edit:
Use the Query like this
Dim sql As String = "INSERT INTO [User] (Staff_ID, Staff_Role, Staff_Name, Username, [Password]) VALUES (@StaffID,@Role,@StaffName,@Username,@Password) "
Cmd.Parameters.AddWithValue("@Staff_ID", txtStaffID.Text)
Cmd.Parameters.AddWithValue("@Role", cboRole.Text)
Cmd.Parameters.AddWithValue("@StaffName", txtStaffName.Text)
Cmd.Parameters.AddWithValue("@Username", txtUsername.Text )
Cmd.Parameters.AddWithValue("@Password", txtPassword.Text)
Changes made
Password
to[Password]
becausePassword
is a reserved keyword.Change
cmd.ExecuteReader()
tocmd.ExecuteNonQuery()
Difference between ExecuteNonQuery
and ExecuteReader
ExecuteNonQuery
ExecuteNonQuery method will return number of rows effected with INSERT, DELETE or UPDATE operations. This ExecuteNonQuery method will be used only for insert, update and delete, Create, and SET statements. (Read More about ExecuteNonQuery)
SqlCommand.ExecuteNonQuery MSDN Documentation
ExecuteReader
Execute Reader will be used to return the set of rows, on execution of SQL Query or Stored procedure using command object. This one is forward only retrieval of records and it is used to read the table values from first to last.(Read More about ExecuteReader)