As ki1/ki2/ki3 are strings you
would have to quote them. I assume you did that in your insert-statement and just forgot that here.
But: You shouldn't build your query-strings by concatenating the values as literals anyway.
Instead you should use SQL-Parameters. Please see one of my previous answers where I wrote an exemplary "good practice" database-access (a select-statement there but that doesn't matter). I also explain there the advantages of SQL-Parameters:
how to loop sql server table to create a datagridview - sql table field matches csv field[
^]
Edit: The code-formatting is a bit messed up there, unfortunately, because of slight bugs with this website. There's a <pre>-Tag in the code that doesn't belong there and the last line isn't part of the code-block any more.