And while you're refactoring,
you should consider using a PreparedStatement. You say you don't have time to do that now; if you had done it before, you
wouldn't have had the error caused by the date format, because you wouldn't have had to format any dates.
I do recommend doing the refactoring sooner rather than later (i.e. before that code goes into production) as generating queries the way you have done it
leaves you open to SQL injection attacks.