Firstly, don't use string concatenation to insert values into SQL code. It is fraught with issues, including the possibility of a malicious user deleting everything in your database in some cases. ...