Never ever use string concatenation fro query creation. It enables SQL injection on your system...
How to: Execute a Parameterized Query[
^]
As for your problem...
The time value passed as string but not enclosed in quotes and for that SQL try to interpret it as is and fails...
It is true that you can enclose it in quotes and solved your problem, but using parametrized query will do it better...