Basically the error comes because you add the values from the text boxes without having starting and ending '.
However the bigger problem is that you don't use parameters.
Correct way to fix this is to use
SqlParameter[
^]
So instead of
SqlStr = String.Format("insert into employee(empid,ename,salary,deptno) values ({0},{1},{2},{3})", textBox1.Text, textBox2.Text, textBox3.Text, textBox4.Text);
ExecuteDML();
You should have something like
SqlStr = "insert into employee(empid,ename,salary,deptno) values (@empid,@ename,@salary,@deptno)");
ExecuteDML();
and then using
AddWithValue[
^] you add the parameters to the parameter collection of the command to be used.