As said there are a lot of problems in the code
- concantenation of values leaves you open to SQL injection
- concantenation of values introduces conversion problems
- you don't use using blocks so Dispose may be omitted even if present
- you don't have any error handling
- connection string is statically embedded into a method
- not necessarily a problem but if these methods are used in a loop or with other DML statements then you're missing transactions and so on...
I suggest going through
Properly executing database operations[
^]