C# insert datetime to DBF file -

i'm getting syntax error in below code. testing, it's coming field "tax_month" datetime. can't figure out how insert value in datetime format.

schema of field:

columnname:       tax_month, columnordinal:    0, columnsize:       6, numericprecision: 10, numericscale:     0, datatype:         system.datetime, providertype:     23 

this c# code:

string path = @"c:\purchases\data\"; string filename = "purchase.dbf"; datetime tax_month = datetime.fromoadate(41305); private void button1_click(object sender, eventargs e) {     odbcconnection dbfconn = new odbcconnection();     dbfconn.connectionstring = @"driver={microsoft visual foxpro driver};sourcetype=dbf;exclusive=no;collate=machine;null=no;deleted=yes;backgroundfetch=no;sourcedb=" + path;     dbfconn.open();     odbccommand ocmd = dbfconn.createcommand(); // needed query data     ocmd.commandtext = "insert " + filename + " ('tax_month') values ("+tax_month+")";     int inserted = ocmd.executenonquery();     dbfconn.close();     messagebox.show("number of rows inserted:"+inserted); } 

try use parameterized query , let work parse datatime net framework code

using(odbcconnection dbfconn = new odbcconnection()) {     dbfconn.connectionstring = @"driver={microsoft visual foxpro driver};sourcetype=dbf;exclusive=no;collate=machine;null=no;deleted=yes;backgroundfetch=no;sourcedb=" + path;     dbfconn.open();     odbccommand ocmd = dbfconn.createcommand(); // needed query data     ocmd.commandtext = "insert " + filename + " +         "(tax_month,seq_no,tin,registered_name,last_name,first_name,middle_name,address1," +          "address2,gpurchase,gtpurchase,gepurchase,gzpurchase,gtservpurchase,gtcappurchase," +          "gtothpurchase,tinputtax,tax_rate) values (" +          "?, 3, '222333445','test company','','','','di makita street','mandaluyong 1602', " +          "52107.14, 49107.14, 1000, 2000, 3000, 4000, 42107.14, 5892.86, 12)"     ocmd.parameters.add("@p1", odbctype.datetime).value = tax_month;     int inserted = ocmd.executenonquery(); } 

also, column names should written without single quotes around. use of parameter query has added benefit avoid sql injection, though code not safe because table name appended string concatenation