I'd like to address a few issues with your code.
First of all, this code is leaving database connections open if there is an exception. Classes like
SqlCommand
and
SqlConnection
implement
IDisposable
, so you can wrap them in a using statement which calls the
Dispose
method in all but the most terminal cases (in which case, an open database connection would be the least of your applications problems). So, your code would look like this:
using (SqlConnection con = new SqlConnection(...){ ... }
Second issue, don't catch an exception if you don't do anything with it. Your try/catch block is useless because you merely rethrow your exception.
Third, your code is wide open to a Sql Injection attack. Use SQL parameters instead of explicit text injection.
Fourth, don't use
SELECT @@IDENTITY
. If you were to add a trigger to this table which inserted into another table, you would get the identityf from THAT table instead. Use
SELECT SCOPE_IDENTITY()
instead.