First of all, there is no need to use code that is open to SQL injection; instead, use a parameterized query.
A Simple Example:
If you have two radio buttons in your code whose column data type is char(1) in the database table 'Persons' (if it is bool, change the code accordingly when passing the parameters):
<asp:radiobutton id="rbMale" text="Male" runat="server" groupname="Gender"/>
<asp:radiobutton id="rbFemale" text="Female" runat="server" groupname="Gender"/>
Use the following code to save the selected value into the database table.
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Map the checked radio button to the single character stored in Persons.Gender
string gender = string.Empty;
if (rbMale.Checked)
{
    gender = "M";
}
else if (rbFemale.Checked)
{
    gender = "F";
}

string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
    // The SQL text is fixed; the value is sent as a parameter, never spliced into the query
    using (SqlCommand cmd = new SqlCommand("INSERT INTO Persons(Gender) VALUES(@Gender)", con))
    {
        // Typed parameter matching the char(1) column (AddWithValue would infer nvarchar)
        cmd.Parameters.Add("@Gender", SqlDbType.Char, 1).Value = gender;
        con.Open();
        cmd.ExecuteNonQuery();
        // Disposing the connection at the end of the using block also closes it
    }
}
Add the parameters according to your form values.
Hope It Helps :)
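To make the point of the answer concrete, here is an added example (not code from the answer above) showing the injectable string-concatenation form of the same INSERT beside the parameterized form, plus a whitelist check on the value before it reaches the database. The Persons(Gender) table and the "constr" connection string name come from the answer; the class and method names, and the attacker-controlled input, are assumptions constructed for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example, not the original answer's code.
public static class GenderRepository
{
    // Constructed attacker input: a tampered request can send any string in
    // place of "M" or "F", regardless of what the radio buttons offer.
    public const string MaliciousGender = "M'); DELETE FROM Persons; --";

    // VULNERABLE: the user-controlled value becomes part of the SQL text.
    // Shown only so the resulting statement can be inspected; do not use.
    public static string BuildUnsafeSql(string gender)
    {
        return "INSERT INTO Persons(Gender) VALUES('" + gender + "')";
    }

    // With MaliciousGender, BuildUnsafeSql yields two statements followed by a
    // comment, so ExecuteNonQuery would run the INSERT and then the DELETE.
    public static void InsertUnsafe(string constr, string gender)
    {
        using (SqlConnection con = new SqlConnection(constr))
        using (SqlCommand cmd = new SqlCommand(BuildUnsafeSql(gender), con))
        {
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }

    // Whitelist check: the column only ever holds "M" or "F", so reject anything
    // else before touching the database. Parameterization alone already stops
    // injection; this additionally keeps garbage out of the data.
    public static bool IsValidGender(string gender)
    {
        return gender == "M" || gender == "F";
    }

    // SAFE: the SQL text is constant and the value travels as a typed char(1)
    // parameter, so the server never parses it as SQL.
    public static int InsertSafe(string constr, string gender)
    {
        if (!IsValidGender(gender))
        {
            throw new ArgumentException("Gender must be 'M' or 'F'", nameof(gender));
        }

        using (SqlConnection con = new SqlConnection(constr))
        using (SqlCommand cmd = new SqlCommand("INSERT INTO Persons(Gender) VALUES(@Gender)", con))
        {
            cmd.Parameters.Add("@Gender", SqlDbType.Char, 1).Value = gender;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Inspect the unsafe statement offline without a database connection.
        Console.WriteLine(BuildUnsafeSql(MaliciousGender));

        string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
        int rows = InsertSafe(constr, "F");
        Console.WriteLine("Rows inserted: " + rows);
    }
}
```

Note that parameters bind values only. Table and column names cannot be passed as parameters, so if those ever come from user input they must be checked against a fixed list of known identifiers rather than concatenated into the query.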