I’m building a practice project for training, and my handler has forbidden me to parameterize, preferring that I focus on other things at the moment. He’s instructed me to use the following types of strings to insert. I KNOW it’s not safe. It’s not for actual deployment. I’m in a bind, however, because after doing some necessary restructuring to the database, I need to rewrite the insert and select commands. My Submission table has an auto-incremented SubmissionId column, and I need to insert that value into the SubId columns of my Broker and Customer tables. How do I do this?
// Reads back the identity value of the row most recently inserted in the current scope.
string idQuery = "SELECT SCOPE_IDENTITY() AS LastInsertedSubmissionId";

// Customer row; the last column (SubId) is where the SubmissionId value has to go.
string custQuery = "INSERT INTO Customer " +
    "(CustId, CustName, SicNaic, CustAdd, CustCity, CustState, CustZip, SubId) " +
    "VALUES " +
    "('" + TbCustId.Text + "', '" + TbCustName.Text + "', '" + RblSicNaic.SelectedItem + "', '" + TbCustAddress.Text + "', '" + TbCustCity.Text + "', '" + DdlCustState.SelectedItem + "', '" + TbCustZip.Text + "', *whatgoeshere?*)";

// Broker row; same SubId placeholder in the last column.
string broQuery = "INSERT INTO Broker " +
    "(BroId, BroName, BroAdd, BroCity, BroState, BroZip, EntityType, SubId) " +
    "VALUES " +
    "('" + TbBroId.Text + "', '" + TbBroName.Text + "', '" + TbBroAddress.Text + "', '" + TbBroCity.Text + "', '" + DdlBroState.SelectedItem + "', '" + TbBroZip.Text + "', '" + DdlEntity.SelectedItem + "', *whatgoeshere?*)";

// Submission row; SubmissionId is not listed because the database assigns it.
string subQuery = "INSERT INTO Submission " +
    "(Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments) " +
    "VALUES " +
    "('" + TbCoverage.Text + "','" + TbCurrentCoverage.Text + "','" + TbPrimEx.Text + "','" + TbRetention.Text + "','" + TbEffectiveDate.Text + "','" + TbCommission.Text + "','" + TbPremium.Text + "','" + TbComments.Text + "')";
Look into DbCommand/SqlCommand.ExecuteScalar() for executing the first query you have. It will get you the id of the last inserted auto id row.
I think you can use the value you get back to replace all *whatgoeshere?*. The SqlCommand msdn page has a good example that you can refer to.
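An added example, not code from the question or the answer, showing the ExecuteScalar step the answer describes end to end in C#/ADO.NET: the Submission INSERT and SELECT SCOPE_IDENTITY() run as one batch on one connection, the returned id is passed as an int parameter to the Customer and Broker inserts, and all three run in one transaction. The column subset, the nvarchar types, the connection string and the helper name InsertChild are assumptions; the values are bound as SqlParameters, which is the form the concatenated queries will need once the training constraint is lifted.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
static class SubmissionInsert
{
    // Assumed for illustration: a nvarchar column subset and a caller-supplied connection string.
    public static int SaveAll(string connectionString, string coverage, string premium,
                              string custId, string custName, string broId, string broName)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            using (SqlTransaction tx = conn.BeginTransaction())
            {
                // INSERT and SELECT SCOPE_IDENTITY() in one batch on one connection: the value is the identity this INSERT produced.
                const string subSql =
                    "INSERT INTO Submission (Coverage, Premium) VALUES (@Coverage, @Premium); " +
                    "SELECT CAST(SCOPE_IDENTITY() AS int);";
                int subId;
                using (var cmd = new SqlCommand(subSql, conn, tx))
                {
                    cmd.Parameters.Add("@Coverage", SqlDbType.NVarChar, 100).Value = coverage;
                    cmd.Parameters.Add("@Premium", SqlDbType.NVarChar, 50).Value = premium;
                    object result = cmd.ExecuteScalar();   // null/DBNull if no identity row was inserted in scope
                    if (result == null || result == DBNull.Value)
                        throw new InvalidOperationException("Submission insert produced no identity.");
                    subId = (int)result;
                }
                // SubId is an int parameter: it is never quoted or concatenated into the SQL text.
                InsertChild(conn, tx, "INSERT INTO Customer (CustId, CustName, SubId) VALUES (@Id, @Name, @SubId);",
                            custId, custName, subId);
                InsertChild(conn, tx, "INSERT INTO Broker (BroId, BroName, SubId) VALUES (@Id, @Name, @SubId);",
                            broId, broName, subId);
                tx.Commit();   // all three rows are written, or none of them
                return subId;
            }
        }
    }
    static void InsertChild(SqlConnection conn, SqlTransaction tx, string sql, string id, string name, int subId)
    {
        using (var cmd = new SqlCommand(sql, conn, tx))
        {
            cmd.Parameters.Add("@Id", SqlDbType.NVarChar, 50).Value = id;
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            cmd.Parameters.Add("@SubId", SqlDbType.Int).Value = subId;
            cmd.ExecuteNonQuery();
        }
    }
}
```

If the Submission insert and the SCOPE_IDENTITY() read are issued as two separate commands, they still have to share the same connection, which is why the batch form above is the safer habit.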