You are appending
whereas I suspect that your intention was to append
The former would probably result in a fully qualified typename in your WHERE clause, which would contain commas.
As an aside, you should be aware that constructing SQL in this way leaves you potentially open to SQL Injection attacks. If that’s a concern, you may be better off considering a stored procedure, or an ORM tool (such as Entity Framework).
solved Getting error “Incorrect syntax near ‘,'”