One problem you have is that you're concatenating the data from the textbox to the SQL query. This leaves you open to SQL injections and conversion problems. For more information, see
SQL injection - Wikipedia[
^]
You have used parameters in your
INSERT
statement so you should do the same with the select.
Another problem is that
INSERT
syntax does not contain asterisk. So it's simply
INSERT INTO TableName (column, column, ...) VALUES (value, value, ...).
For further examples, have a look at
Properly executing database operations[
^]
Even though the examples are using SqlClient, the idea is the same with OleDb... classes.