Don't use concatenation for queries. Rather use parameterized query to avoid SQL Injection. Read -
Parameterized Queries ADO.Net[
^].
Next is, handle the exception like...
catch(Exception ex)
Then start debugging and see what is the exception. That would give you the details of the problem in the current code.