Apart from the fact that you are using inline SQL, which is just bad. You should be using @param1
syntax in the query and then adding parameters to it instead (thus sidestepping this issue also). Even better - use an ORM like Linq to Sql or Entity Framework (or nHibernate or whatever).
SQL Server generally wants it's times in yyyymmdd format, and also you really should be checking the label's value is indeed an integer and only running the query if it is:
int labelValue = 0;
if(int.TryParse(label9.Text, out labelValue))
{
cmd.CommandText="insert into trans values("+ labelValue +
", '" + DateTime.Now.ToString("yyyyMMdd");"')";
cmd.Connection = con;
con.Open();
int x= cmd.ExecuteNonQuery();
MessageBox.Show("Attendance recorded succesfully");
}
I'd also say you really need to examine your usage of the connection/command - where do you Dispose
? Judging by this code, I'm guessing you don't?
All in all, even with these fixes I'm not recommending you do things this way - do it the way that Harm suggests - the +5 (or more) there is deserved.