One problem is that you concatenate the values directly to the SQL statement. This introduces conversion errors, leaves you open to SQL injections and so on.
The fix would be to use OleDbParameter objects. While the article is using SqlParameter, the idea is the same, so have a look at Properly executing database operations.
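A sketch of the parameterized form with OleDbParameter, added here as an example and not taken from the original post or the linked article. The Customers table, its columns and the BuildInsert helper are assumptions made for illustration.

```csharp
using System;
using System.Data.OleDb;

static class ParameterizedInsertExample
{
    // Hypothetical table and columns, constructed for this example.
    const string Sql =
        "INSERT INTO Customers (CustomerName, BirthDate, Balance) VALUES (?, ?, ?)";

    // Builds the command; values travel as typed parameters, never as SQL text.
    public static OleDbCommand BuildInsert(OleDbConnection conn,
        string name, DateTime birthDate, decimal balance)
    {
        var cmd = new OleDbCommand(Sql, conn);
        // OleDb binds parameters by position: add them in the same order as
        // the ? placeholders. The names are only labels for the reader.
        cmd.Parameters.Add("@name", OleDbType.VarWChar, 100).Value = name;
        cmd.Parameters.Add("@birthDate", OleDbType.Date).Value = birthDate;
        cmd.Parameters.Add("@balance", OleDbType.Currency).Value = balance;
        return cmd;
    }

    static void Main()
    {
        // Constructed input: the apostrophe would break a concatenated
        // statement, and the date and decimal would depend on locale
        // formatting if they were converted to strings first.
        string name = "O'Brien";
        using (var cmd = BuildInsert(null, name, new DateTime(1980, 5, 17), 1234.50m))
        {
            // The SQL text stays constant whatever the input contains.
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OleDbType, p.Value);
            // With a real connection: conn.Open(); cmd.ExecuteNonQuery();
        }
    }
}
```

Main only builds and prints the command, so it runs without a database; pass an open OleDbConnection to BuildInsert to execute it.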