Your:
cmd.CommandType = "INSERT INTO Students(StudentID, StudentName, StudentCNCI,
StudentDOB) Values('" + StudIDTxt.Text + "','" + StudNameTxt.Text + "','" +
StudCNCITxt.Text + "','" + StudDOBTxt.Text +")";
should be
cmd.CommandText = "INSERT INTO Students(StudentID, StudentName, StudentCNCI,
StudentDOB) Values('" + StudIDTxt.Text + "','" + StudNameTxt.Text + "','" +
StudCNCITxt.Text + "','" + StudDOBTxt.Text +"')";
You made a typo.
Also, single quote was missing - (StudDOBTxt.Text +")"
) should have been StudDOBTxt.Text +"')"
- that would cause syntax error on the SQL server side.
As for parametrized form of your query (form that is safe from SQL injection attack), it would have to use question marks instead of named parameters (that's how it works in ODBC when command type is text), it would be something like this:
cmd.CommandText = @"INSERT INTO Students(StudentID, StudentName, StudentCNCI, StudentDOB)
Values(?,?,?,?)";
cmd.Parameters.Add(new OleDbParameter("p1", StudIDTxt.Text));
cmd.Parameters.Add(new OleDbParameter("p2", StudNameTxt.Text));
cmd.Parameters.Add(new OleDbParameter("p3", StudCNCITxt.Text));
cmd.Parameters.Add(new OleDbParameter("p4", StudDOBTxt.Text));