First you don't need the ending
garbage. I see that all the time with newb's and it's completely useless.
On your problem line, you start a string literal with a " and then you try to add a variable value to it without first closing the literal.
Next, DO NOT USE string concatenation to build an SQL query. ALWAYS use parameterized queries. See DataAdapter Parameters | Microsoft Docs
] for how to do it.
Then go see Google: sql injection attack
] for why.