
Following is my code. I have used class in my website. But I am getting the error "Incorrect syntax near ','". Can anyone tell me what is wrong in the code?

```csharp
protected void btnadd_Click(object sender, EventArgs e)
{
    s1 = "Update tckt_tbl Set class='" + ddlclass.Text + "',dist=" + lbldist.Text + ",no_of_adults=" + ddladults.Text + ",no_of_senior=" + ddlsenior.Text + ",n1='" + txtn1.Text + "',";
    s1 += "n2='" + txtn2.Text + "',n3='" + txtn3.Text + "',n4='" + txtn4.Text + "',n5='" + txtn5.Text + "',n6='" + txtn6.Text + "',";
    s1 += "ag1=" + txtag1.Text + ",ag2=" + txtag2.Text + ",ag3=" + txtag3.Text + ",ag4=" + txtag4.Text + ",ag5=" + txtag5.Text + ",ag6=" + txtag6.Text + ",";
    s1 += "gen1='" + txtgen1.Text + "',gen2='" + txtgen2.Text + "',gen3='" + txtgen3.Text + "',gen4='" + txtgen4.Text + "',gen5='" + txtgen5.Text + "',gen6='" + txtgen6.Text + "',";
    s1 += "cn1='" + txtchn1.Text + "',cn2='" + txtchn2.Text + "',cag1=" + txtcag1.Text + ",cag2=" + txtcag2.Text + ",cgen1='" + txtcgen1.Text + "',cgen2='" + txtcgen2.Text + "' Where userid=" + Session["suser"].ToString() + "";
    con.ExecQuery(s1);
    Response.Redirect("tcktbook_itckt.aspx");
}
```
    Use [SqlParameter](http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx), this will not only save you from [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection) but the **query would be more readable**. – Habib Mar 21 '13 at 05:34
  • Use debugger and see what value is coming for s1. – Microsoft DN Mar 21 '13 at 06:22

3 Answers


First off, it is a really bad idea to build a query from user input. I suggest you use a parameterized query instead.

Try outputting s1 to see what the query looks like.

Chances are good that you have an unbalanced quote.

– Eric J.

On the third line there is a problem.

```csharp
s1 += "ag1=" + txtag1.Text + ",ag2=" + txtag2.Text + ",ag3=" + txtag3.Text + ",ag4=" + txtag4.Text + ",ag5=" + txtag5.Text + ",ag6=" + txtag6.Text + ",";
```

I think here the commas and semicolons are not given properly.


I suggest you use a parameterized query rather than concatenating everything. But before that, are you sure that you already gave all the values? Because if you didn't give any value for a numeric field, it would show an error, since the query becomes:

```text
..cag1=,cag2..
```
– Ruly
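A parameterized rewrite of the handler from the question, added here as an illustration of what Eric J.'s and Ruly's answers recommend (it is not code from the question or from any of the answers). It assumes a connection string named `tckt` in web.config, that the page is a `partial` `Page` class carrying the same controls as the question, that the text columns are `varchar` of the sizes written in the code, and that the numeric columns are nullable `int`. Because every value travels as a typed `SqlParameter`, a quote in a name field can no longer break the statement or alter it, and the blank-age case Ruly points out (`cag1=,cag2`) is caught in C# by `AddInt` instead of reaching SQL Server as a syntax error.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class tcktbook : Page
{
    // Assumption: a connection string named "tckt" is defined in web.config.
    private static readonly string ConnectionString =
        ConfigurationManager.ConnectionStrings["tckt"].ConnectionString;

    protected void btnadd_Click(object sender, EventArgs e)
    {
        // Same columns as the question's UPDATE; every value is a placeholder, so
        // user text is never interpreted as SQL syntax.
        const string sql =
            "UPDATE tckt_tbl SET class=@class, dist=@dist, no_of_adults=@adults, no_of_senior=@senior, " +
            "n1=@n1, n2=@n2, n3=@n3, n4=@n4, n5=@n5, n6=@n6, " +
            "ag1=@ag1, ag2=@ag2, ag3=@ag3, ag4=@ag4, ag5=@ag5, ag6=@ag6, " +
            "gen1=@gen1, gen2=@gen2, gen3=@gen3, gen4=@gen4, gen5=@gen5, gen6=@gen6, " +
            "cn1=@cn1, cn2=@cn2, cag1=@cag1, cag2=@cag2, cgen1=@cgen1, cgen2=@cgen2 " +
            "WHERE userid=@userid";

        string[] names   = { txtn1.Text, txtn2.Text, txtn3.Text, txtn4.Text, txtn5.Text, txtn6.Text };
        string[] ages    = { txtag1.Text, txtag2.Text, txtag3.Text, txtag4.Text, txtag5.Text, txtag6.Text };
        string[] genders = { txtgen1.Text, txtgen2.Text, txtgen3.Text, txtgen4.Text, txtgen5.Text, txtgen6.Text };

        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Column sizes (20/50/10) are assumptions about the table, not taken from the question.
            AddText(cmd, "@class", ddlclass.Text, 20);
            AddInt(cmd, "@dist", lbldist.Text, "dist");
            AddInt(cmd, "@adults", ddladults.Text, "no_of_adults");
            AddInt(cmd, "@senior", ddlsenior.Text, "no_of_senior");
            for (int i = 0; i < 6; i++)
            {
                AddText(cmd, "@n" + (i + 1), names[i], 50);
                AddInt(cmd, "@ag" + (i + 1), ages[i], "ag" + (i + 1));
                AddText(cmd, "@gen" + (i + 1), genders[i], 10);
            }
            AddText(cmd, "@cn1", txtchn1.Text, 50);
            AddText(cmd, "@cn2", txtchn2.Text, 50);
            AddInt(cmd, "@cag1", txtcag1.Text, "cag1");
            AddInt(cmd, "@cag2", txtcag2.Text, "cag2");
            AddText(cmd, "@cgen1", txtcgen1.Text, 10);
            AddText(cmd, "@cgen2", txtcgen2.Text, 10);
            // The session value is server-side, but it is still sent as a typed
            // parameter rather than pasted into the statement text.
            AddInt(cmd, "@userid", Convert.ToString(Session["suser"]), "userid");

            conn.Open();
            int rows = cmd.ExecuteNonQuery();
            if (rows != 1)
            {
                // Zero (or several) rows updated: surface it rather than redirecting as if it worked.
                throw new InvalidOperationException("Expected to update one row, updated " + rows);
            }
        }

        Response.Redirect("tcktbook_itckt.aspx");
    }

    // Text columns: a sized varchar parameter. The value is sent out of band, so no
    // quoting or escaping of the text is needed or attempted.
    private static void AddText(SqlCommand cmd, string name, string value, int size)
    {
        cmd.Parameters.Add(name, SqlDbType.VarChar, size).Value = value ?? (object)DBNull.Value;
    }

    // Numeric columns: validate in C# and send a typed int, or NULL for an empty box
    // (assumes the column is nullable). A non-numeric entry fails here with a clear
    // message instead of producing "cag1=,cag2" inside the SQL text.
    private static void AddInt(SqlCommand cmd, string name, string text, string field)
    {
        SqlParameter p = cmd.Parameters.Add(name, SqlDbType.Int);
        if (string.IsNullOrWhiteSpace(text))
        {
            p.Value = DBNull.Value;
            return;
        }
        int n;
        if (!int.TryParse(text.Trim(), out n))
            throw new FormatException("'" + field + "' must be a whole number, got: " + text);
        p.Value = n;
    }
}
```

If the age columns are declared `NOT NULL`, replace the `DBNull.Value` branch in `AddInt` with a validation error instead; either way the decision is made in C# with a readable message, which is where Ruly's "did you give all the values?" question gets answered.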