That is some confused code.
Look at this part alone:
Dim com As Integer = 0
Dim suname As String
...
If suname = String.IsNullOrEmpty(suname) Then
Since
suname
is a String, and
IsNullOrEmpty
returns a Boolean value, the compiler with implicitly cast the Boolean to a string, so unless the name you get back from the database is "True" or "False" your code isn't going to ever add 20 to
com
...
You also need to look at the content of your Session variable in order to sort out the direct problem - without that you have no idea what string you are passing to SQL which is the crux of the error you have noticed.
Add some logging, use the debugger, or similar to report the value to you before it is used to build the SQL string - it's the only way you are going work out exactly what is going wrong.
And when you have sorted that out, stop doing it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.