I'm getting System.Data.SqlClient.SqlException: Incorrect syntax near '=' when I try to execute the script below:
Label1.Text = Convert.ToString(Session["f"]);
SqlConnection conkill = new SqlConnection("Data Source=.;Initial Catalog=CMST;Integrated Security=True;Pooling=False");
conkill.Open();
SqlCommand cmdkill = new SqlCommand("UPDATE users SET Logged='False'WHERE userid=" + Label1.Text, conkill);
cmdkill.ExecuteNonQuery();
conkill.Close();
Any help?
What is the data type of the Logged column in the users table? If it is of type bit/boolean then your statement is wrong, as you are comparing a text value. Just use the following:
// T-SQL has no false/true literal; a bit column takes 0 or 1
SqlCommand cmdkill = new SqlCommand("UPDATE users SET Logged = 0 WHERE userid=" + Label1.Text, conkill);
Better, use SqlParameters as shown below:
SqlConnection conkill = new SqlConnection("Data Source=.;Initial Catalog=CMST;Integrated Security=True;Pooling=False");
conkill.Open();
SqlCommand cmdkill = new SqlCommand("UPDATE users SET Logged=@Logged WHERE userid=@userid", conkill);
cmdkill.Parameters.Add(new SqlParameter("@Logged", false));
cmdkill.Parameters.Add(new SqlParameter("@userid", Label1.Text));
cmdkill.ExecuteNonQuery();
conkill.Close();
For further help refer
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
Have you tried placing a breakpoint in your code to see what the values of some of your objects are, to ensure that you are passing safe values in as your parameters?
You'll likely want to consider using SqlParameters instead of directly concatenating values from your Label, as well as using a using-statement to properly scope your connection, as seen in the annotated example below:
// Check that the Session key exists (important: a missing key leaves Label1.Text empty,
// which produces "UPDATE ... WHERE userid=" and the "Incorrect syntax near '='" error)
if (Session["f"] != null)
{
    // Set the value of your Label (Session values are objects, so convert to string)
    Label1.Text = Convert.ToString(Session["f"]);
    // Create a using statement for your connection (to ensure proper closure and disposal)
    using (SqlConnection conkill = new SqlConnection("Data Source=.;Initial Catalog=CMST;Integrated Security=True;Pooling=False"))
    {
        // Your query (notice the use of a parameter, which will be populated shortly)
        string sql = "UPDATE users SET Logged = 'False' WHERE userid = @UserId";
        // Create a SqlCommand to execute your query
        SqlCommand cmdkill = new SqlCommand(sql, conkill);
        // Add your parameters
        cmdkill.Parameters.AddWithValue("@UserId", Label1.Text);
        // Open your connection, execute your query and close your connection
        conkill.Open();
        cmdkill.ExecuteNonQuery();
        conkill.Close();
    }
}
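Pulling the advice from the two answers above together, here is an added example that is not code from the question or from any of the replies. It assumes a users table in the CMST database with an int userid column and a bit Logged column, and it shows two things the thread only describes: BuildUnsafeSql reproduces why the concatenated statement fails on an empty label and why the same string is injectable, and MarkLoggedOut is the hardened form that validates the id in C#, binds typed parameters, and uses 0/false for the bit column instead of an unquoted False, which T-SQL does not accept.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not part of the original thread. Assumes a users table with
// columns userid (int) and Logged (bit) in the CMST database.
public static class LogoutHelper
{
    // The original approach: the label text is pasted straight into the SQL.
    // With labelText == "" this yields "... WHERE userid=" and SQL Server reports
    // "Incorrect syntax near '='". With labelText == "1 OR 1=1" every user is
    // logged out, because the attacker-controlled text becomes part of the query.
    public static string BuildUnsafeSql(string labelText)
    {
        return "UPDATE users SET Logged='False'WHERE userid=" + labelText;
    }

    // Hardened version: reject anything that is not an integer before it reaches
    // SQL, bind typed parameters so the value can never be parsed as SQL, and
    // dispose the connection and command with using blocks.
    public static int MarkLoggedOut(string connectionString, string rawUserId)
    {
        int userId;
        if (!int.TryParse(rawUserId, out userId))
        {
            // Covers the null-session case from the question: Session["f"] missing
            // makes Label1.Text empty, which is not a valid user id.
            throw new ArgumentException("user id must be an integer", "rawUserId");
        }

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = "UPDATE users SET Logged = @Logged WHERE userid = @UserId";
            // Explicit SqlDbType avoids the type inference of AddWithValue and
            // maps directly onto the bit and int columns.
            cmd.Parameters.Add("@Logged", SqlDbType.Bit).Value = false;
            cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
            conn.Open();
            // ExecuteNonQuery returns the number of rows affected; 0 means no such user.
            return cmd.ExecuteNonQuery();
        }
    }
}

// Usage from the page (hypothetical Page_Load body), using the connection
// string from the question:
//
//   object sessionUser = Session["f"];
//   if (sessionUser == null)
//   {
//       Response.Redirect("Login.aspx"); // hypothetical login page
//       return;
//   }
//   int rows = LogoutHelper.MarkLoggedOut(
//       "Data Source=.;Initial Catalog=CMST;Integrated Security=True;Pooling=False",
//       Convert.ToString(sessionUser));
```

The int.TryParse check is what turns the original runtime SqlException into a clear application error when the session has expired, and the typed parameters mean that even a value such as "1 OR 1=1" is sent to SQL Server as data for @UserId rather than as part of the statement.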
// Logged is a bit column, so use 0 rather than the unquoted word False, which T-SQL rejects
SqlCommand cmdkill = new SqlCommand("UPDATE users SET Logged=0 WHERE userid='" + Label1.Text + "'", conkill);
Use your SQL query like this:
string query = "UPDATE users SET Logged=0 WHERE userid='" + Label1.Text + "'";
SqlCommand cmdkill = new SqlCommand(query, conkill);