Your code is vulnerable to
SQL Injection[
^].
NEVER use string concatenation to build a SQL query.
ALWAYS use a parameterized query.
Fixing that security vulnerability will almost certainly fix your problem at the same time.
Using conn As New SqlConnection("...")
Using cmd As New SqlCommand("INSERT INTO Abc.dbo.Dbe (AccountID, SecurityID, Quantity, OriginalCost, Commitment, AdvisorName, ClientName, ARIMarketValue) VALUES (@AccountID, @SecurityID, @Quantity, @OriginalCost, @Commitment, @AdvisorName, @ClientName, @ARIMarketValue)", conn)
cmd.Parameters.AddWithValue("@AccountID", moAccount.AccountID)
cmd.Parameters.AddWithValue("@SecurityID", moSecurity.SecurityID)
cmd.Parameters.AddWithValue("@Quantity", 0)
cmd.Parameters.AddWithValue("@OriginalCost", 1021)
cmd.Parameters.AddWithValue("@Commitment", 0)
cmd.Parameters.AddWithValue("@AdvisorName", "abc")
cmd.Parameters.AddWithValue("@ClientName", "cde")
cmd.Parameters.AddWithValue("@ARIMarketValue", 1021)
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]