SQL syntax error manual check

Question

For the code below I get the error

You have an error with your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name','Score') VALUES('cain','0') at line 1

private void btnSubmitScore_Click(object sender, EventArgs e)
{
    string connStr = "server=bel.sunderland.ac.uk; " +
                     "database=bg30xw; " +
                     "uid=USERNAME; " +
                     "pwd=PASSWORD;";

    string query = "INSERT INTO highscore('Name','Score') VALUES (@Name, @Score);";

    using(MySqlConnection myconn = new MySqlConnection(connStr))
    {
        Console.WriteLine(query);
        MySqlCommand insertCommand = new MySqlCommand(query,myconn);
        insertCommand.Parameters.AddWithValue("@Name",sName);
        insertCommand.Parameters.AddWithValue("@Score",iTotalScore);

        try
        {
            myconn.Open();
            insertCommand.ExecuteNonQuery();

        }
        catch (MySqlException ex)
        {
            MessageBox.Show(ex.Message);
        }
        myconn.Close();
    }

The error showed up in the 'messagebox.show(ex.message);' when I ran the program. I looked on google but most of the suggestions was for quotation marks, I have changed and re-changed them but to no avail.

Thanks

Answer 1

Single-word column names don't need to be escaped (I don't think MySQL allows it, but I may be wrong);therefore, this should work:

INSERT INTO highscore(Name,Score) VALUES (@Name, @Score); 

You may give an alias to a column, using spaces when you run a select statement, but I simply avoid them in general.

Answer 2

Use backticks to escape column (and table) names, not quotes

INSERT INTO highscore(`Name`,`Score`) VALUES (@Name, @Score)