{"Incorrect syntax near 'C'."}.....Error Debug

SqlConnection conn = new SqlConnection("Server=ILLUMINATI;" + 
    "Database=DB;Integrated Security= true");
SqlCommand comm = new SqlCommand(
    "Insert into FileUpload ('FilePath','TypeId','UploadedBy','UploadedDate') 
    values (" + savePath + "," + typeid + "," + NAME + "," + DateTime.Now+ ")", conn);

conn.Open();
comm.ExecuteNonQuery();
conn.Close();

It's giving an error saying:

{"Inc开发者_开发技巧orrect syntax near 'C'."}

Can anybody tell me the error please.

---

You have to put single '' quotes around the value strings not around the column names

try this

SqlCommand comm = new SqlCommand(
    "Insert into FileUpload (FilePath,TypeId,UploadedBy,UploadedDate) 
    values ('" + savePath + "','" + typeid + "','" + NAME + "',"

assuming typeID is string, if not dont put '' around it

---

The reason it's giving the error is as Haris says - you're putting the single quotes in the wrong place.

However, it would be a very bad idea to "fix" this by just putting the quotes in different places. Instead, you should use a parameterized query:

SqlCommand comm = new SqlCommand
    ("Insert into FileUpload (FilePath, TypeId, UploadedBy, UploadedDate)" +
     " values (@savePath, @typeid, @name, @now)", conn);
comm.Parameters.AddWithValue("@savePath", savePath);
comm.Parameters.AddWithValue("@typeid", typeid);
comm.Parameters.AddWithValue("@name", NAME);
comm.Parameters.AddWithValue("@now", DateTime.Now);

By expressing your data as data instead of as part of the "code" (the SQL) you avoid having to worry about conversions (e.g. date formats) and you avoid SQL injection attacks.

See the SqlCommand.Parameters documentation for more details (or search for "parameterized queries").

---

Enclose the columns, who has varchar and datetime type,in a single quote.

SqlCommand comm = new SqlCommand(
    "Insert into FileUpload ('FilePath','TypeId','UploadedBy','UploadedDate') 
    values ('" + savePath + "'," + typeid + ",'" + NAME + "','" + DateTime.Now+ "')", 
    conn);