Question : Invalid column name '[email protected]'

The following is a stored procedure I am calling. This is called from a search page where criteria is specified and then submitted.

USE [dbOIT]
GO
/****** Object:  StoredProcedure [dbo].[SearchResults]    Script Date: 08/23/2010 18:22:25 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[SearchResults]

 @Tag                        nvarchar(100)
,@Email                        nvarchar(120)
,@Serial                  nvarchar(50)
,@EquipID                  nvarchar(4)
,@Platform                  nvarchar(4)
,@OS                        nvarchar(4)

AS
BEGIN
SET NOCOUNT ON;

DECLARE @sql1            nvarchar(4000)

SELECT @sql1='
            SELECT
            a.AssetID,a.AssetTag,a.OSId,a.ModelID,a.EquipmentTypeID,a.PlatformID,a.EmailAddress,a.SerialNumber
            ,p.PlatformName,e.EquipmentType,m.ModelName
            ,ltrim(rtrim(a.HDD)) as HDD,ltrim(rtrim(a.RAM)) as RAM,o.OperatingSystem
            FROM dbo.Assets a
            JOIN dbo.EquipmentTypes e WITH (NOLOCK) on e.EquipmentTypeID=a.EquipmentTypeID
            JOIN dbo.Platforms p WITH (NOLOCK) on p.PlatformID=a.PlatformID
            JOIN dbo.Models m WITH (NOLOCK) on m.ModelID=a.ModelID
            JOIN dbo.OperatingSystems o WITH (NOLOCK) on o.OSId=a.OSId
            Where 1=1'
           
            IF @Tag IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.AssetTag = ' + @Tag
           
                  IF @Email IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.EmailAddress = ' + @Email + '"'
           
                     IF @Serial IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.SerialNumber = ' + @Serial
           
                     IF @EquipID IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.EquipmentTypeID = ' + @EquipID
           
                     IF @Platform IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.PlatformID = ' + @Platform

                     IF @OS IS NOT NULL
            SELECT @sql1 = @sql1 + ' AND a.OSId = ' + @OS
           
EXEC(@sql1)            
END

Here's the strange part. I can pass Operating System, Platform, Equipment Type, and Asset Tag with total success. However, when I pass Email Address or Serial #, I get the following:

Invalid column name '[email protected]'



Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Invalid column name '[email protected]'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SqlException (0x80131904): Invalid column name '[email protected]'.]
   System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +1951450
   System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4849003
   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +194
   System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2394
   System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +33
   System.Data.SqlClient.SqlDataReader.get_MetaData() +83
   System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +297
   System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +954
   System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
   System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
   System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +141
   System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +12
   System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +10
   System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +130
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +287
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) +92
   System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +1297
   System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback) +19
   System.Web.UI.WebControls.DataBoundControl.PerformSelect() +142
   System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +73
   System.Web.UI.WebControls.GridView.DataBind() +4
   System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +82
   System.Web.UI.WebControls.CompositeDataBoundControl.CreateChildControls() +72
   System.Web.UI.Control.EnsureChildControls() +87
   System.Web.UI.Control.PreRenderRecursiveInternal() +44
   System.Web.UI.Control.PreRenderRecursiveInternal() +171
   System.Web.UI.Control.PreRenderRecursiveInternal() +171
   System.Web.UI.Control.PreRenderRecursiveInternal() +171
   System.Web.UI.Control.PreRenderRecursiveInternal() +171
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842



Any idea what's going wrong here?

Answer : Invalid column name '[email protected]'

I meant the below (correction).
You need to quote it because it is a (n)(var)char

1:	SELECT @sql1 = @sql1 + ' AND a.EmailAddress = ' + QuoteName(@Email,'''') + ''