That's a single quote, not a single collon.

You should not use string concatenation to build SQL strings. If you always do it the proper way and use parameters this sort of thing is never an issue. Follow the Data Access link in my signature for some ADO.NET code examples involving parameters.