• I'm not sure what you want to achieve with the piece of code you've submitted, but first of all please let me remark that:

    - the code is prone to SQL injection. Use parameterized commands or, better, stored procedures. There is plenty of material to read about SQL injection, for example see http://blogs.technet.com/ms_schweiz_security_blog/archive/2008/05/28/sql-injection-general-guidance.aspx.

    - you can use the .NET validators to make sure that the data you enter through forms is compliant with your requirements. This should replace the commented line.

    However, before starting to write code, you should complete the specs of your application - this includes a good database design. If you start coding without having good specs, even the development of a simple application could end up in a mess...
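
The difference between a concatenated statement and a parameterized command, shown as an added example that is not part of the original post or the poster's code. The `Customers` table, its columns and the column sizes are hypothetical, and the input string is constructed for illustration; no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterizedInsertDemo
{
    // Hypothetical table and columns; the original poster's schema is not shown.
    const string InsertSql =
        "INSERT INTO Customers (Name, Email) VALUES (@name, @email)";

    // Vulnerable pattern: user input becomes part of the SQL text itself.
    static string BuildConcatenated(string name, string email)
    {
        return "INSERT INTO Customers (Name, Email) VALUES ('"
               + name + "', '" + email + "')";
    }

    // Parameterized pattern: the SQL text is constant, input travels as typed values.
    static SqlCommand BuildParameterized(SqlConnection conn, string name, string email)
    {
        SqlCommand cmd = new SqlCommand(InsertSql, conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = email;
        return cmd;
    }

    static void Main()
    {
        // Constructed input: the quote ends the string literal in the concatenated form.
        string name = "x'); DELETE FROM Customers; --";
        string email = "a@example.com";

        Console.WriteLine("Concatenated SQL text:");
        Console.WriteLine("  " + BuildConcatenated(name, email));

        // The command is only built and inspected here, never executed.
        using (SqlCommand cmd = BuildParameterized(null, name, email))
        {
            Console.WriteLine("Parameterized SQL text:");
            Console.WriteLine("  " + cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  {0} ({1}, size {2}) = {3}",
                    p.ParameterName, p.SqlDbType, p.Size, p.Value);
        }
    }
}
```

In the concatenated output the input has altered the statement; in the parameterized output the SQL text is unchanged and the same input appears only as the value of `@name`.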