Why have you used string concatenation to pass one parameter? You clearly know how to use a parameterized query, since all of the other parameters are passed correctly, but you've chosen to use string concatenation for the
StockDate.Text
, leaving your code vulnerable to
SQL Injection[
^].
Fix the vulnerability, and you will fix your error:
Dim cb As String = "insert into Product(ProductID,ProductName,ProductType,Category,Specification,Date3,UnitPrice) VALUES (@d1,@d2,@d3,@d4,@d5,@d6,@d7)"