First off, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
The code you show won;t do that, but it's an indicator that the rest of your codee does, and that's very, very dangerous.
Then, don't use a string. Start by looking at exactly what you have stored in INVOICETIME, and what data type it is stored in. Ideally, it'll be a DATETIME or DATETIME2 column - if it isn't, then change your DB so it is; it'll make everything a whole load easier for everything you want to do with it past basic SELECT and INSERT operations.
Then use a DateTime value in your code:
Dim now As DateTime = DateTime.Now
Dim limit As DateTime = now.AddHours(9 - now.Hour)
You can now pass that as a parameter to your SQL query, and compare the values directly.