Conversion failed when converting date and/or time from character string; with SQLCommand.CommandText and SQLCommand.Parameters.AddWithValue

Question

I'm trying to insert data into my SQL Server 2014 database. I wrote the SQL query with the @parameters and used the SqlCommand.Parameters.AddWithValue to parse the values, without worrying about SQL injection.

The problem is, when I start the program, I get this exception:

Conversion failed when converting date and/or time from character string

using (SqlCommand insertCall = new SqlCommand())
{
    insertCall.Connection = connection;
    insertCall.CommandType = CommandType.Text;

    insertCall.CommandText = "INSERT into CallingHistory  (historyid, callid, duration," +
                               "[time-start],[time-answered],[time-end],[reason-terminated],[from-no],[to-no],[from-dn],[to-dn],[dial-no]," +
                               "[reason-changed],[final-number],[final-dn],[bill-code],[bill-rate],[bill-cost],[bill-name],chain,[from-type]," +
                               "[to-type],[final-type],[from-displayname],[to-dispname],[final-dispname], [missed-queue]) " +
                               "VALUES('@historyid', '@callid', '@duration', '@timestart', '@timeanswered', '@timeend', '@reasonterminated', '@fromno', '@tono', '@fromdn', '@todn'," +
                               "'@dialno', '@reasonchanged', '@finalnumber','@finaldn', '@billcode', '@billrate', @billcost, '@billname', '@chain', '@fromtype', '@totype', '@finaltype'," +
                               "'@fromdisplayname', '@todispname', '@finaldispname', '@missedqueue')";

    string billcost = (values[17] == "" ? "0" : values[17]);
    string timeanswered = (values[4] == "" ? DBNull.Value.ToString() : values[4]);
    string duration = (values[2] == "" ? DBNull.Value.ToString() : values[2]);

     insertCall.Parameters.AddWithValue("@historyid", values[0]);
     insertCall.Parameters.AddWithValue("@callid", values[1]);
     insertCall.Parameters.AddWithValue("@duration", duration);
     insertCall.Parameters.AddWithValue("@timestart", values[3]);
     insertCall.Parameters.AddWithValue("@timeanswered", timeanswered);
     insertCall.Parameters.AddWithValue("@timeend", values[5]);
     insertCall.Parameters.AddWithValue("@reasonterminated", values[6]);
     insertCall.Parameters.AddWithValue("@fromno", values[7]);
     insertCall.Parameters.AddWithValue("@tono", values[8]);
     insertCall.Parameters.AddWithValue("@fromdn", values[9]);
     insertCall.Parameters.AddWithValue("@todn", values[10]);
     insertCall.Parameters.AddWithValue("@dialno", values[11]);
     insertCall.Parameters.AddWithValue("@reasonchanged", values[12]);
     insertCall.Parameters.AddWithValue("@finalnumber", values[13]);
     insertCall.Parameters.AddWithValue("@finaldn", values[14]);
     insertCall.Parameters.AddWithValue("@billcode", values[15]);
     insertCall.Parameters.AddWithValue("@billrate", values[16]);
     insertCall.Parameters.AddWithValue("@billcost", billcost);
     insertCall.Parameters.AddWithValue("@billname", values[18]);
     insertCall.Parameters.AddWithValue("@chain", values[19]);
     insertCall.Parameters.AddWithValue("@fromtype", values[20]);
     insertCall.Parameters.AddWithValue("@totype", values[21]);
     insertCall.Parameters.AddWithValue("@finaltype", values[22]);
     insertCall.Parameters.AddWithValue("@fromdisplayname", values[23]);
     insertCall.Parameters.AddWithValue("@todispname", values[24]);
     insertCall.Parameters.AddWithValue("@finaldispname", values[25]);
     insertCall.Parameters.AddWithValue("@missedqueue", values[26]);

    string sqlquery=insertCall.CommandText;

    foreach (SqlParameter item in insertCall.Parameters)
    {
        sqlquery= sqlquery.Replace(item.ParameterName, item.Value.ToString());
    }

    try
    {
        insertCall.ExecuteNonQuery();
    }
    catch (SqlException)
    {
        Console.WriteLine("Error inserting into the database");
    }
}

I tried to write the SQL query hardcoded into SqlCommand.CommandText (insertCall.CommandText).

I wrote this:

string sqlquery = insertCall.CommandText;

foreach (SqlParameter item in insertCall.Parameters)
{
    sqlquery = sqlquery.Replace(item.ParameterName, item.Value.ToString());
}

insertCall.CommandText = sqlquery;

try
{
    insertCall.ExecuteNonQuery();
}
catch (SqlException)
{
    Console.WriteLine("Error inserting into the database");
}

insertCall.CommandText = sqlquery;

This is an example, what is in insertCall.CommandText

INSERT into CallingHistory  (historyid, callid, duration,[time-start],[time-answered],[time-end],[reason-terminated],[from-no],[to-no],[from-dn],[to-dn],[dial-no],[reason-changed],[final-number],[final-dn],[bill-code],[bill-rate],[bill-cost],[bill-name],chain,[from-type],[to-type],[final-type],[from-displayname],[to-dispname],[final-dispname], [missed-queue])
VALUES('Call 29273', '00000C0F29FCCCBC_82', '','2021.03.03 18:07:56','','2021.03.03 18:07:58','Failed','Ext.54','012345678','54','012345678','012345678','','','','','',0,'','','Extension','LineSet','','M Ulus','012345678','', '\r\n')

When this is in the insertCall.CommandText the query is successful, and the program successfully inserts data into the database.

I also tried with converting with DateTime.Parse, but it still doesn't work.

insertCall.Parameters.AddWithValue("@duration", DateTime.Parse(duration).TimeOfDay);
insertCall.Parameters.AddWithValue("@timestart", DateTime.Parse(values[3]));
insertCall.Parameters.AddWithValue("@timeanswered", DateTime.Parse(timeanswered));
insertCall.Parameters.AddWithValue("@timeend", DateTime.Parse(values[5]));

I tried everything I could think of.

Do you guys have any ideas, what the problem is or what the work around is. I really would like it to be protective against SQL injection.

And on the other hand I heard, that the error could be because of SQL Server 2014. That we need to update it. I will try it out on SQL Server 2019 tomorrow.

Here are the columns of the table I'm trying to insert