Can't find the error in the SQL Windows Forms

Question

I am receiving an error in an SQL query in Windows Forms Application. But I don't understand where is the error in the query. It is even working in Visual Studio query script. I have attached important files below.

In my windows forms application, I am receiving an SQL error here is the screenshot.

The error is,

System.Data.SqlClient.SqlException: 'Incorrect syntax near ','.'

Here is the function which attempts to create a row in the Alumni Table.

public void createAlumni(int id, string fname, string lname, string sid, string age, string pyear, string present_address, string permanent_address, string father, string mother, string work, string email, string password, string subtitle, string desc) {
        string sql = string.Format("INSERT INTO Alumni (Id, FirstName,LastName, StudentID, Email, Password, Age, PassingYear, PresentAddress, PermanentAddress, FathersName, MothersName, WorkPlace, ProfileSubtitle, ProfileDescription, ProfilePicture, Verified) VALUES ({0}, '{1}', '{2}', '{3}', '{4}', '{5}', {6}, '{7}', '{8}', '{9}', '{10}', '{11}', '{12}', '{13}', '{14}', {15}, {16});", id, fname, lname, sid, email, password, Convert.ToInt32(age), pyear, present_address, permanent_address, father, mother, work, subtitle, desc, null, 0);            

        SqlConnection conn = new SqlConnection(connectionString);
        SqlCommand cmd = new SqlCommand(sql, conn);
        cmd.Connection.Open();
        int rowCount = cmd.ExecuteNonQuery();
        if (rowCount == 0)
        {
            MessageBox.Show("Something went wrong");
        }
        else {
            UpdateCount();
        }
        cmd.Connection.Close();

    }

Here is the Alumni table.

Answer 1

Argument index 15, ProfilePicture , the value you're passing into it is null , which is replaced by an empty space, so in your final query you have something like ..., , ... .

Please don't use queries like this, it is always, without exception, wrong, even if you don't count SQL injection.