You'll have to pass the data correctly to your SQL statement. The way you've created your insert statement is probably missing quotes (can't tell without knowing what the table looks like), so you'll get the error from that.
But instead of constructing a
String
containing your insert statement, use a prepared statement. This has a couple of advantages: you don't have to worry about data types, escaping quotes in the text, or things such as SQL injection. You can find such an example at
MSDN[
^].