incorrect syntax near the keyword 'Values'

Question

this is my code.i want to save these values into database.And an error occured,

incorrect syntax near the keyword Values

foreach (GridViewRow gvr in GridView1.Rows)
{
string strcon1;
strcon1 = ConfigurationManager.ConnectionStrings["fwma_devConnectionString"].ConnectionString;
SqlConnection con1 = new SqlConnection(strcon1);
con1.Open();
SqlCommand com3 = new SqlCommand(strcon);
TextBox tb = (TextBox)gvr.FindControl("TextBox2");//value
string txt = tb.Text;

Label propertylabel = (Label)gvr.FindControl("Label4");//id-property

com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";
com3.Connection = con1;
com3.ExecuteNonQuery();
con1.Close();

Answer 1

use this

com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values('" + propertylabel.Text + "','" + B_id.Text + "','" + tb.Text + "')";

instead of

com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";

Answer 2

Shouldn't this line be like this?

        com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,Values) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + ")";

and please use command parameters:

When should "SqlDbType" and "size" be used when adding SqlCommand Parameters?

Answer 3

If you are using the reserved keywords ,you should specify delimited identifiers either quoted or bracketed.

example using bracketed

com3.CommandText = "INSERT INTO BrandProperties(PropertyID,BrandID,[Values]) values(" + propertylabel.Text + "," + B_id.Text + "," + tb.Text + " ), con1";