You want to use parameters so that you don't have sql injection security issues.
For example:
string insert = "INSERT INTO doctor VALUES (@field1, @field2..."
sqlcm.Parameters.AddWithValue("@field1", txtField1.Text);
...
That will also solve your syntax issue.