use parametrized queries for avoiding SQL injection. Example:
http://msdn.microsoft.com/en-us/library/bb738521.aspx[
^]
Also, do not use reserved words as column/table names.
List of reserved words in MS Access:
http://support.microsoft.com/kb/286335[
^]
If you still want to use the query you are using then enclose the column name in brackets which are reserved words. example:
cmd.CommandText = "INSERT INTO CARLOG (ID, CARID, [TIME], [DATE], MAKE, MODEL, REG, COMPANY, OWNER)" & _