I am getting a string from a database that is in xml format and trying to update the xml with the following query:

ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage + " WHERE ID = " + message.Id);

but it gives me the error message:

Incorrect syntax near '<'.
The label 'xmlns' has already been declared. Label names must be unique within a query batch or stored procedure.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name.

I have a feeling it might have something to do with the quotes, but I am not sure. I have tried different options like single quotes, mixture,etc.

For example, if I do:

ExecuteNonQuery("Update Logs SET Message = " + encryptedMessage.Replace('"','\'')+ " WHERE ID = " + message.Id);

Would this permanently update the double quotes in the message to single quotes. I don’t want to do this.