|Two words: "Parameterized Queries".
If you try and concatenate strings together, like you are in this code, you have to worry about putting the strings together with the correct date format. Using parameterized queries, the Parameters objects take care of that for you! You don't have to worry about getting the format right!
You can find out more about them in Colin's article SQL Injection Attacks and Some Tips on How to Prevent Them[^].
Microsoft MVP - Visual Basic