SQL Server stored procedure allows to insert into a table only numbers, not characters

I developed a vb.net application which connects to a SQL Server 2014. At server side I created the following stored procedure to insert a row to a table when called out by vb app.

create procedure uspInsertToTableWith1Value
@table nvarchar(50),
@column nvarchar(50),
@value nvarchar(50)
AS
BEGIN
SET NOCOUNT ON;
declare @SQL nvarchar(50)
select @SQL = N'INSERT INTO ' + QUOTENAME(@table) + ' (' + @column + ') ' + 'VALUES (' + @value + ')';
EXEC sp_executesql @SQL
END

The vb app has a button with the following code:

Private Sub Button22_Click(sender As System.Object, e As System.EventArgs) Handles Button22.Click
Dim tbl1 = "Facility"
Dim cln1 = "f1"
Dim vl1 = TextBox7.Text
InsertToTableWith1Value(tbl1, cln1, vl1)
end sub

And this is the sub which connects to SQL Server:

Public Sub InsertToTableWith1Value(tbl, cln, vl)
    Try
        Dim cmd As New SqlCommand
        cmd.Connection = con
        cmd.CommandText = "uspInsertToTableWith1Value"
        cmd.CommandType = CommandType.StoredProcedure
        With cmd.Parameters

            .AddWithValue("@table", tbl)
            .AddWithValue("@column", cln)
            .AddWithValue("@value", vl)
        End With
        con.Open()
        cmd.ExecuteNonQuery()
        con.Close()
    Catch ex As Exception
        con.Close()
        MsgBox(ex.Message)
    End Try
End Sub

The problem is that when I add a new record to the table through the vb app it accepts only numbers. When I add characters or numbers with characters it cuts away all the head numbers leaving just the remaining characters and giving two Exception error, depending what I typed. For example if I type "2ww" I'll get "Incorrect syntax near 'ww'". If I type "ww" I'll get "Invalid column name 'ww'".

Any idea how to fix that? I already spent two days searching the net. Thanks to everybody who will help me.

Btw, if I add the row manually and directly through the server it accepts everything, which is ok.

I followed all the advice you guys gave me so this is my final code which works fine: (I really hope to have posted this last phrase in the right place)

Public Sub InsertToTableWith1Value(tbl, cln, vl)
    Try
        Dim cmd As New SqlCommand
        cmd = New SqlCommand("INSERT [" & tbl & "] (" & cln & ") VALUES ('" & vl & "')", con)
        With cmd.Parameters
            .AddWithValue("@table", tbl)
            .AddWithValue("@column", cln)
            .AddWithValue("@value", vl)
        End With
        con.Open()
        cmd.ExecuteNonQuery()
        con.Close()
    Catch ex As Exception
        con.Close()
        MsgBox(ex.Message)
    End Try

End Sub


ANSWERS:


I think the problem is that you need apostrophes around words

insert into table (col1) values ('2ww')

You can use '' to represent a single apostrophe in SQL Server.

A fix would be

select @SQL = N'INSERT INTO ' + QUOTENAME(@table) + ' (' + @column + ') ' + 'VALUES (''' + @value + ''')';

Edit Note that this will only let you insert data into columns with a textual datatype, you don't want appostrophes for numeric data inserts.



 MORE:


 ? SqlDataAdapter.Fill(DataGridView.DataSource) duplicates all rows
 ? SqlDataAdapter.Fill(DataGridView.DataSource) duplicates all rows
 ? SqlDataAdapter.Fill(DataGridView.DataSource) duplicates all rows
 ? Datagridview - refresh after DB Update on another form
 ? figure out rowindex on a row I just inserted?
 ? DataGridView multiple row selection, specific column data get
 ? Strange behaviour of DataTable with DataGridView
 ? DataGridView and Record ID C#
 ? Insert DataTable rows to DataBaseTables using DataAdapter: leave out one column in DataTable
 ? refresh data with sqldataadapter.fill - not seeing new data