使用参数化查询，它应该是ove解决问题。

OleDbCommand.Parameters属性（System.Data.OleDb） [ ^ ]



例如:(未经测试）

Use a parameterized query and it should overcome the problem.
OleDbCommand.Parameters Property (System.Data.OleDb)[^]

Exampe: (untested)

cmd = New OleDbCommand("SP_ExpEntry", con)
cmd.CommandType = CommandType.StoredProcedure

cmd.Parameters.AddWithValue("@OperationId", 1)
cmd.Parameters.AddWithValue("@Eid", TxtEXid.Text)
cmd.Parameters.AddWithValue("@ExDt", PKREXdt.Value)
cmd.Parameters.AddWithValue("@EnDT", PkrEntryDt.Value)

正如@losmac所建议的，这里有一些关于SQL注入的资源以及为什么参数化查询***...

SQL注入 - OWASP [ ^ ]

SQL注入预防备忘单 - OWASP [ ^ ]

bobby-tables.com：防止SQL注入的指南 [ ^ ]

As suggested by @losmac here are some resources about SQL Injection and why parameterized queries are best...
SQL Injection - OWASP[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
bobby-tables.com: A guide to preventing SQL injection[^]