ASP.NET & SQL Server : Incorrect syntax near '?' -

ASP.NET & SQL Server : Incorrect syntax near '?' -

i receiving error

incorrect syntax near ?

when trying utilize update query function. code sagepay http://www.sagepay.co.uk/file/12136/download-document/dotnetkit%201.2.6.7%20-%202014-08-14.zip?token=bjfwtm7qnnnm5zcc_l_dohq4inb0cqtpcxcd5jopeh4 , relates server inframe implementation.

as far can see order beingness passed correctly, , list of fields, match database, not understanding why seeing error. code created mysql have had adapt sql server.

i've tried debugging, cannot see beingness committed sql server cmd.executenonquery(); help much appreciated, here code:

private static readonly list<string> fieldnames = new list<string> { vendortxcodefield, addressresultfield, addressstatusfield, amountfield, avscv2field, bankauthcodefield, basketfield, billingfirstnamesfield, billingsurnamefield, billingphonefield, billingaddress1field, billingaddress2field, billingcityfield, billingpostcodefield, billingstatefield, billingcountryfield, declinecodefield, deliveryfirstnamesfield, deliverysurnamefield, deliveryphonefield, deliveryaddress1field, deliveryaddress2field, deliverycityfield, deliverypostcodefield, deliverystatefield, deliverycountryfield, capturedamountfield, cardtypefield, cavvfield, currencyfield, customeremailfield, cv2resultfield, expirydatefield, fraudresponsefield, giftaidfield, last4digitsfield, lastupdatedfield, payeridfield, payerstatusfield, postcoderesultfield, relatedvendortxcodefield, securitykeyfield, statusfield, statusmessagefield, surchargefield, threedsecurestatusfield, transactiontypefield, txauthnofield, tokenidfield, vpstxidfield }; public static bool updateorder(order order, string vendortxcode) { var result = false; sqlconnection conn = null; seek { conn = new sqlconnection(connectionstring); conn.open(); var cmd = new sqlcommand { connection = conn, commandtext = "update orders set " + string.join(",", fieldnames.select(field => field + "=?" + field).tolist()) + " " + vendortxcodefield + " =?" + vendortxcodefield }; cmd.prepare(); addorderparameters(cmd, order); cmd.executenonquery(); result = true; } grab (sqlexception ex) { console.writeline("error: {0}", ex); } { if (conn != null) { conn.close(); } } homecoming result; } private static void addorderparameters(sqlcommand command, order order) { command.parameters.addwithvalue(vendortxcodefield, order.vendortxcode); command.parameters.addwithvalue(addressresultfield, order.addressresult); command.parameters.addwithvalue(addressstatusfield, order.addressstatus); command.parameters.addwithvalue(amountfield, order.amount); command.parameters.addwithvalue(avscv2field, order.avscv2); command.parameters.addwithvalue(bankauthcodefield, order.bankauthcode); command.parameters.addwithvalue(basketfield, order.basket); command.parameters.addwithvalue(billingaddress1field, order.billingaddress1); command.parameters.addwithvalue(billingaddress2field, order.billingaddress2); command.parameters.addwithvalue(billingcityfield, order.billingcity); command.parameters.addwithvalue(billingcountryfield, order.billingcountry); command.parameters.addwithvalue(billingfirstnamesfield, order.billingfirstnames); command.parameters.addwithvalue(billingphonefield, order.billingphone); command.parameters.addwithvalue(billingpostcodefield, order.billingpostcode); command.parameters.addwithvalue(billingstatefield, order.billingstate); command.parameters.addwithvalue(billingsurnamefield, order.billingsurname); command.parameters.addwithvalue(capturedamountfield, order.capturedamount); command.parameters.addwithvalue(cardtypefield, order.cardtype); command.parameters.addwithvalue(cavvfield, order.cavv); command.parameters.addwithvalue(currencyfield, order.currency); command.parameters.addwithvalue(customeremailfield, order.customeremail); command.parameters.addwithvalue(cv2resultfield, order.cv2result); command.parameters.addwithvalue(declinecodefield, order.declinecode); command.parameters.addwithvalue(deliveryaddress1field, order.deliveryaddress1); command.parameters.addwithvalue(deliveryaddress2field, order.deliveryaddress2); command.parameters.addwithvalue(deliverycityfield, order.deliverycity); command.parameters.addwithvalue(deliverycountryfield, order.deliverycountry); command.parameters.addwithvalue(deliveryfirstnamesfield, order.deliveryfirstnames); command.parameters.addwithvalue(deliveryphonefield, order.deliveryphone); command.parameters.addwithvalue(deliverypostcodefield, order.deliverypostcode); command.parameters.addwithvalue(deliverystatefield, order.deliverystate); command.parameters.addwithvalue(deliverysurnamefield, order.deliverysurname); command.parameters.addwithvalue(expirydatefield, order.expirydate); command.parameters.addwithvalue(fraudresponsefield, order.fraudresponse); command.parameters.addwithvalue(giftaidfield, order.giftaid); command.parameters.addwithvalue(last4digitsfield, order.last4digits); command.parameters.addwithvalue(lastupdatedfield, order.lastupdated); command.parameters.addwithvalue(payeridfield, order.payerid); command.parameters.addwithvalue(payerstatusfield, order.payerstatus); command.parameters.addwithvalue(postcoderesultfield, order.postcoderesult); command.parameters.addwithvalue(relatedvendortxcodefield, order.relatedvendortxcode); command.parameters.addwithvalue(securitykeyfield, order.securitykey); command.parameters.addwithvalue(statusfield, order.status); command.parameters.addwithvalue(statusmessagefield, order.statusmessage); command.parameters.addwithvalue(surchargefield, order.surcharge); command.parameters.addwithvalue(threedsecurestatusfield, order.threedsecurestatus); command.parameters.addwithvalue(tokenidfield, order.tokenid); command.parameters.addwithvalue(transactiontypefield, order.transactiontype); command.parameters.addwithvalue(txauthnofield, order.txauthno); command.parameters.addwithvalue(vpstxidfield, order.vpstxid); }

you have utilize @ sql-parameters. maybe fixes issue although must admit don't understand query because column-names same values. ...

string sql = @"update orders set {0} {1}=@{1};"; sql = string.format(sql , string.join(",", fieldnames.select(field => string.format("{0}=@{0}", field))) , vendortxcodefield); using (sqlcommand cmd = new sqlcommand(sql, conn)) { (int = 0; < fieldnames.count; i++) { cmd.parameters.addwithvalue(fieldnames[i], fieldnames[i]); } // open connection , execute command... }

asp.net sql-server sagepay