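Try using a parameterized query; it protects the database from SQL injection, because the values are passed to the driver separately from the SQL text instead of being concatenated into it.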
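// Parameterized INSERT into Record_table: every value is supplied as a bound
// parameter rather than as SQL text, so the contents of Emp_name, date and the
// dr[...] cells cannot alter the statement itself.
// The ODBC provider does not support named markers such as @Emp_name in a text
// command; it binds by position, so each value is written as a '?' placeholder.
// The closing parenthesis of the VALUES list and the statement terminator,
// both missing before, are restored here.
CmdObj = new OdbcCommand("insert into Record_table(Emp_name, Dates, Hours, Task , Client , project, Comments, TeamMemberType)" +
    " values (?, ?, ?, ?, ?, ?, ?, ?)", ConObj);

// Binding is positional: the calls below must stay in the same order as the
// column list above. The "@..." names are labels for the reader only.
// NOTE(review): AddWithValue infers the parameter type from the runtime value;
// if the dr[...] cells hold strings for numeric or date columns, confirm the
// driver converts them as intended or set the parameter type explicitly.
CmdObj.Parameters.AddWithValue("@Emp_name", Emp_name);             // Emp_name
CmdObj.Parameters.AddWithValue("@Dates", date);                    // Dates
CmdObj.Parameters.AddWithValue("@Hours", dr[4]);                   // Hours
CmdObj.Parameters.AddWithValue("@Task", dr[2]);                    // Task
CmdObj.Parameters.AddWithValue("@Client", dr[0]);                  // Client
CmdObj.Parameters.AddWithValue("@project", dr[1]);                 // project
CmdObj.Parameters.AddWithValue("@Comments", dr[6]);                // Comments
CmdObj.Parameters.AddWithValue("@TeamMemberType", dr[5]);          // TeamMemberType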