Working with access database in C#

using System;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.OleDb;

public partial class _Default : System.Web.UI.Page
{
OleDbConnection Con = null;
OleDbCommand cmd = null;
OleDbDataReader reader;
protected void Page_Load(object sender, EventArgs e)
{


}
protected void btnUpdate_Click(object sender, EventArgs e)
{
Con = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = " + Server.MapPath("iTrack.mdb"));
Con.Open();
string t_date = txtDate.Text;
string t_location = txtLocation.Text;
string t_descrip = txtNotes.Text;
string t_time = txtTime.Text;
cmd = new OleDbCommand("INSERT INTO bills (Transaction_date,Location,Transaction_Description,TTime)values('" + t_date + "','" + t_location + "','" + t_descrip + "','" + t_time + "')", Con);

cmd.ExecuteNonQuery();

Response.Write("Added");
cmd.Dispose();
Con.Close();
cmd = null;
Con = null;

}


protected void btnRetrieve_Click1(object sender, EventArgs e)
{
try
{
Con = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = " + Server.MapPath("iTrack.mdb"));
Con.Open();
cmd = new OleDbCommand("SELECT * from Bills where Awb='"+DropDownList1.SelectedValue.ToString()+"'", Con);
reader = cmd.ExecuteReader();
while (reader.Read())
{
txtDate.Text = reader["Transaction_date"].ToString();
txtLocation.Text = reader["Location"].ToString();
txtNotes.Text = reader["Transaction_Description"].ToString();
txtTime.Text = reader["TTime"].ToString();
plDetails.Visible = true;
}
}
catch (Exception exception)
{
Response.Write("Exception Message " + exception.Message.ToString());
}

finally
{
cmd.Dispose();
cmd = null;
Con.Close();
Con = null;
}

}
}