Look at the error message:
Syntax error in INSERT INTO statement.
So start by looking at exactly what is in
SQL
(the variable) when you execute that code: it's wrong, and only you can tell exactly what is in it by using the debugger to find out while your code is running.
We can't even see where you call that code from, much less what you pass into those methods.