Must Declare Scalar Variable using sql string

Question

This is my first attempt at parameterized queries. I'm getting the error

Must Declare Scalar Variable @Email

Any help is appreciated!

string sql = "INSERT INTO Upload VALUES (@Email, @TimeStamp, @EmployeeId, @Name, @Title, @Department, @Race, @Gender, @AnnualizedBase, @AnnualizedTCC);";

using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand command = new SqlCommand(sql, con))
{
   decimal num;
   var emailparam = new SqlParameter("@Email", SqlDbType.Text);
   emailparam.Value = System.Web.HttpContext.Current.User.Identity.GetUserId();

   // some more parameters following same format
   var baseparam = new SqlParameter("@AnnualizedBase", SqlDbType.Money);

   if (decimal.TryParse(result.Tables[0].Rows[i][6].ToString(), out num)) 
   {
       baseparam.Value = num;
   }
   else  
   {
       ViewBag.Error = "not money format";
   }

   var tccparam = new SqlParameter("@AnnualizedTCC", SqlDbType.Money);

   if (decimal.TryParse(result.Tables[0].Rows[i][7].ToString(), out num)) 
   {
       tccparam.Value = num;
   }
   else
   {
       ViewBag.Error = "not money format";
   }   

   con.Open();
   command.ExecuteNonQuery();
   con.Close();
}

Answer 1

You are defining your parameters - so far, so good.

But now, before you execute the query, you must .Add() those parameters to the SqlCommand object!

// Add parameters to SqlCommand
command.Parameters.Add(emailparam);
command.Parameters.Add(baseparam);
command.Parameters.Add(tccparam);

// *NOW* you can open connection, execute query, close connection
con.Open();
command.ExecuteNonQuery();
con.Close();

Answer 2

You Should try this if you will not understand it ask me further

string mail="abc@hotmail.com"; 
string name="Abdul Aleem";
//This is In Lin Query
string sql = "INSERT INTO Upload VALUES (@Email, @Name)" //and so on
SqlConnection con = newSqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString)

SqlCommand cmd = new SqlCommand(sql, con);
cmd.CommandType = System.Data.CommandType.Text;
cmd.Parameters.AddWithValue("@Email", mail);
cmd.Parameters.AddWithValue("@Name", name);
//And same as add other paramters according to your in line query
cmd.ExecuteNonQuery();