Do not try to concatenate a string to build a correct sql command.
This leads only to parsing problems and Sql Injection Attacks.
Use instead a parameterized query
int isok = 0;
try
{
// Now your query is more readable and there are no more formatting problems here
SqlCommand cmd_cust = new SqlCommand(@"insert into custdetail values
(@invNo,@custName,@contact,@address,@amount,@dt)",
con_create);
con_create.Open();
cmd_cust.Parameters.AddWithValue("@invNo",txtInvoiceNo.Text );
cmd_cust.Parameters.AddWithValue("@custName",txtCustomerName.Text );
cmd_cust.Parameters.AddWithValue("@contact",txt_contact.Text);
cmd_cust.Parameters.AddWithValue("@address",txtAddress.Text.Text);
// The following parameter could require a conversion if the db field is not of text type
// cmd_cust.Parameters.AddWithValue("@amount", Convert.ToDecimal(txt_total_amt.Text));
cmd_cust.Parameters.AddWithValue("@amount", txt_total_amt.Text);
cmd_cust.Parameters.AddWithValue("@dt",dt_date.Value );
isok= cmd_cust.ExecuteNonQuery();
con_create.Close();
}
Using a parameter you don't need to worry how to format a DateTime value to a string, you pass directly the DateTime value as expected by the database field. It is the framework job to correctly pass this value to the underlying database table.
This is true also for the other fields like the string ones. If your user types a single quote inside one of your textboxes you get a syntax error with the string concatenation. The quote typed by your user mistakenly closes the value leaving the remainder of the text as invalid sql text
(e.g. textCustomerName.Text = O'Brian
becomes ....,'O'Brian' ,....
)