strSQL = "INSERT INTO Comments (docGuid,Content,UserName,email,ip) VALUES('"+DocGuid.Value+"','" + Comments.Text.Replace("'","''") + "','" + CommentsUserName + "','" + email.Text.Replace("'","''") + "','" + Request.UserHostAddress.ToString() + "')";
cmd.CommandText = strSQL;
cmd.ExecuteNonQuery();
cmd.CommandText = strSQL;
cmd.ExecuteNonQuery();
sqlCommd.Parameters.Add("@decF", Random.NextDouble())
sqlCommd.Parameters.Add("@decX", Random.NextDouble())
sqlCommd.CommandText = sqlstr
sqlCommd.ExecuteNonQuery