SqlCommand cmd2 = new SqlCommand("insert into tbl_Transaction_Master(Supplier_ID,Order_Price,Unique_ID,Supplier_Name,He_Is_a,Transaction_Date) values ('" + WebUserID + "','" + Session["Order_Price"] + "','" + Session["WebUserid"] + "','"+User+"','WebCustomer',getdate()); SELECT SCOPE_IDENTITY()", conn);
int temp = cmd2.ExecuteNonQuery();
Session["order_ID"] = temp;
There are many problems in your code, not just the one that raises the current exception.
First: You have text fields with a precise size, you cannot insert more characters than the size of the field. We don't know anything about the value passed for the SupplierName but the string
WebCustomer is 11 chars and you try to insert it in a field with space only for 10 chars.
nchar means that your fields are always filled with spaces to reach the length required. Of course this is inefficient with a lot of records, not to mention the work required to trim away those spaces when you need to show your data.
Third: ExecuteNonQuery returns the number of rows affected by your command. In this case it is always 1, you don't get the return value of
SELECT SCOPE_IDENTITY(). Use ExecuteScalar.
Fourth: Some of your fields are numeric, you insert strings for them. This means that the database engine try to convert them back to the correct datatype. Usually, for integers, you can go away freely, but with floats there is a higher chance that you get a datatype mismatch error caused by difference between the locale settings of your code and the locale settings of your database. Fix for that in the next point.
Fifth: You should use parameters not string concatenation. This avoids the Sql Injection hack or the parsing error caused by automatic conversion of a string back to a numeric value. A mismatch from the locale settings used in your code and the database setting will cause errors. With a parameter you specify the type and do not convert the value. The database engine is happy.
So.....(after changing to nvarchar and after checking the length of the values)
string cmdText = @"insert into tbl_Transaction_Master (Supplier_ID,Order_Price,Unique_ID, Supplier_Name,He_Is_a,Transaction_Date) values (@webid, @price,@sessionid,@user,'WebCust.',getdate()); SELECT SCOPE_IDENTITY()"; SqlCommand cmd2 = new SqlCommand(cmdText, conn); cmd2.Parameters.Add("@webid", SqlDbType.Int).Value = WebUserID cmd2.Parameters.Add("@price", SqlDbType.Decimal).Value = Session["Order_Price"]; cmd2.Parameters.Add("@sessionid", SqlDbType.Int).Value = Session["WebUserid"]; cmd2.Parameters.Add("@user", SqlDbType.NVarChar).Value =User; int temp = Convert.ToInt32(cmd2.ExecuteScalar()); Session["order_ID"] = temp;