Do not do that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And pass the values in the correct format directly via the parameters. So you pass an int to a INT column, a DateTime to a DATE or DATETIME column, and only use strigns for VARCHAR or NVARCHAR columns.
The chances are, that will cure your problem at the same time.
And while you are making changes, list the column names you are inserting into:
INSERT INTO MyTable (Column1, Column2) VALUES (?,?)
If you don't, then the DB will try to insert the values in the table current order: so if the first column is an IDENTITY field, the update will fail. And any future changes to the DB may break your code.