我要把用户注册信息写进数据库，请问大家怎么写？
我这样写对吗？


SqlConnection con = db.createcon();
con.Open();
SqlCommand cmd = new SqlCommand("insert into [user](userName,pwd,trueName,sex,birth,pro,city,tel,email,code,personlike,images) Values('" + this.txtZhcName.Text + "','" + this.txtPwd.Text + "','" + this.txtTrueName.Text + "','" + this.RadioButtonListdsex.SelectedValue + "','" + this.txtBirth.Text + "','" + this.DdlPro.SelectedValue + "','" + this.DdlCity.SelectedValue.ToString + "','" + this.txtTel.Text + "','" + this.txtEmail.Text + "'.'" + this.txtCode.Text + "','" + this.CCblLike.SelectedValue + "','" + this.Image1.ImageUrl + "')", con);
cmd.ExecuteNonQuery();
con.Close();

运行出错，请大家帮我看一下怎么写？注册信息里包括文字，数字，还有图片，这在创建数据库的时候又怎么设置？

新手多指教， 谢谢！！

用两个类来传值不是很好吗?首先你得建两个类,一个实体类和一个操作类.用一个变量来传值.然后这边就不用写那么麻烦了

嗯,我也觉得那样挺麻烦的,不过我还没学会怎么用参数传

SqlConnection con = new SqlConnection("server=服务器;database=数据库;uid=用户名;pwd=密码;");
try
{
con.Open();
string InsertStr = "insert into [user](userName,pwd,trueName,sex,birth,pro,city,tel,email,code,personlike,images) Values('" + this.txtZhcName.Text.Trim() + "','" + this.txtPwd.Text.Trim() + "','" + this.txtTrueName.Text.Trim() + "','" + this.RadioButtonListdsex.SelectedValue + "','" + this.txtBirth.Text.Trim() + "','" + this.DdlPro.SelectedValue + "','" + this.DdlCity.SelectedValue.ToString + "','" + this.txtTel.Text.Trim() + "','" + this.txtEmail.Text.Trim() + "'.'" + this.txtCode.Text.Trim() + "','" + this.CCblLike.SelectedValue + "','" + this.Image1.ImageUrl + "')";
SqlCommand cmd = new SqlCommand(InsertStr, con);
cmd.ExecuteNonQuery();
}
catch(Exception exp)
{
Response.Write(exp.Message); //输出错误信息
}
finally
{
con.Close();
}