调试代码，并在运行时检查在sb中形成的Insert语句是什么.
看看下面的" SQL插入"语法链接.

http://www.w3schools.com/sql/sql_insert.asp

Debug your code and check what is the Insert statement gets formed in sb at run-time.

Have a look at below link for "SQL Insert" syntax.

http://www.w3schools.com/sql/sql_insert.asp

使用参数化查询来防止SQL注入
使用参数化查询来防止SQL注入攻击在SQL Server中 [ ^ ]

还请小心使用 SQL Server保留关键字 [ ^ ]，使用正方形字段名称&的方括号[].表名.

而且您的代码是错误的，请尝试一下.

Prevent SQL injection by using parametrized queries
Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

Also careful with SQL Server Reserved Keywords[^], Use Square brackets[] for the field names & table names.

And your code is wrong, try this.

const string insertsql = "INSERT INTO Items(Description,ItemNo,Qty)VALUES";
sb.AppendFormat("{0}",insertsql);  
foreach (string item in sc)
        {
            if (item.Contains(","))
            {
                splitItems = item.Split(",".ToCharArray());
                sb.AppendFormat("'{0}','{1}','{2}');",splitItems[0], splitItems[1], splitItems[2]);                    
            }
        }

但是使用参数化查询

But use parametrized queries

错误描述说，您正在执行的查询不完整. INSERT INTO Items(Description,ItemNo,Qty)VALUES

正确的查询应该是

INSERT INTO Items(Description,ItemNo,Qty)VALUES(''desc1'',''item1'',''qty1'');

为什么您的查询的值部分为空白... ???而且也没有括号！

检查您的循环，并在需要的地方添加检查条件...应该没有空白查询:) :)

调试它，并在执行之前获取命令字符串..在程序执行之前，尝试在sql内部执行它.
希望您能尽快发现自己的错误:)

the error description says, you are executing an incomplete query.. i.e.
INSERT INTO Items(Description,ItemNo,Qty)VALUES

the right query should be

INSERT INTO Items(Description,ItemNo,Qty)VALUES(''desc1'',''item1'',''qty1'');

why your query''s value part is blank... ??? and there are no brackets too!!!

check your loopings and, add check conditions where required... there should be no blank queries :) :)

debug it, and get the command string before it executes.. try to execute it inside the sql before the programe executes it..

hope you notice your mistake soon :)