The syntax error is because you haven't got quotes round the strings in your SQL statement.
However, don't do it that way! Use parameterized queries. It solves this problem, and it prevents any nasty security problems (search for "Injection Attack" to see what your current version might be opening itself to).
Amritpal Singh Moomie
Joined: Sep 24, 2010
thanks very much
i have one more question
How can i check whether the resultset has any row or not?