What's wrong with this lines?

Question

When I write this line:

SqlCommand MySqlCommand = new SqlCommand("INSERT INTO [User](NAME ,PASSWORD ,PUBLISH_FOLDER,ACTIVE,IP,PORT) Values ('shula','Aa1234','study','true','1015','8080')", MyConnection);

it works but when I write this lines:

string Name = user.Name;

string Password = user.Password;

string Port = (user.Port).ToString();

string publishFolder=user.publishFolder;

string Ip=user.Ip;

SqlCommand MySqlCommand = new SqlCommand("INSERT INTO [User](NAME ,PASSWORD ,PUBLISH_FOLDER,ACTIVE,IP,PORT) Values (" + Name + "," + Password + "," + publishFolder + ",TRUE," + Ip + "," + Port + ")", MyConnection);

the error is:

invalid column name...

Answer 1

It is because

 "  Values (" + Name + "," 

generates

 Values (shula,

and not

 Values ('shula',

But you should not add the ' but use parameters instead.