Syntax error in INSERT INTO statement c#.net Winforms Devexpress?

Question

I get date from DateEdit and try to Store into Access Database. But it show error like this

Syntax error in INSERT INTO statement.

my insert statement is this

 OleDbCommand top = new OleDbCommand("INSERT INTO invoice(invoice_number,order_number,customername,status,subtotal,tax,total,date) VALUES (" + inno + "," + odrno + ",'" + name + "','"+ chk1 +"' ,"+ subtottal +","+ tax +","+total+",'"+date+"')", conn);
 top.ExecuteNonQuery();

Except Date remaining values store successfully but how can i store date ??

I get date like this DateTime date = dateEdit1.DateTime;

Help me.

Answer 1

DATE is a reserved keyword for Microsoft Access. You shoud use it with square brackets like [DATE]

And you should always use parameterized queries. This kind of string concatenations are open for SQL Injection attacks.

OleDbCommand top = new OleDbCommand(@"INSERT INTO invoice(invoice_number,order_number,customername,status,subtotal,tax,total,[date]) 
                                     VALUES (@invoice_number, @order_number, @customername, @status, @subtotal, @tax, @total, @date)", conn);
top.Parameters.AddWithValue("@invoice_number", inno);
top.Parameters.AddWithValue("@order_number", odrno);
top.Parameters.AddWithValue("@customername", name);
top.Parameters.AddWithValue("@status", chk1);
top.Parameters.AddWithValue("@subtotal", subtotal);
top.Parameters.AddWithValue("@tax", text);
top.Parameters.AddWithValue("@total", total);
top.Parameters.AddWithValue("@date", date);

As a general recommendation, don't use reserved keywords for your identifiers and object names in your database.