Building a string by concatenating text boxes is a bad idea for a couple of reasons ...
Firstly, you are leaving yourself vulnerable to SQL Injection attacks - see
http://bobby-tables.com/[
^]
So use parameterised queries to avoid this.
Secondly, if you do use parameterised queries, you will gain certain other advantages - simpler query strings - which make it easier to spot any errors. For example you won't have to worry about the single quotes around string parameters. Your command string would become
string str1="insert into Employee values (@empid,@EmpName,@sal,@dob,@doj,@orderid)"
Looking at the query now, I can tell that your problem was the result of the contents of one (or more) of your text boxes.
When creating the parameters from your text boxes do use the TryParse methods on int, string etc to ensure that the contents of the text boxes really do contain the type of data you expect.
Finally, in the debugger grab the final content of str1 and paste it into query analyser or similar ... you might get more detailed error reporting in context.
[edit - example of sql parameters]
http://csharp-station.com/Tutorial/AdoDotNet/Lesson06[
^]