There could be any number of problems, but the most likely is that you have not listed the column names that you expect to populate with the data listed in the VALUES clause. Generally speaking, it is good procedure to explicitly list the column names like so (and these names are fictitious...just for example's sake):
Let's say for instance that the table has an identity column "empID". If you don't explicitly list the column names, the INSERT statement will assume you mean for your first value to go into that column.
There could also be mismatched datatypes, but we'll ignore that for now. Or, heaven forbid, you get your columns in a different order than your VALUEs.
As a final word of advice, whenever you get odd errors you may want to just print the value of your variable "sql" and paste in an SSMS query window and see if it actually works. Sometimes when you strip away all the dynamic construction code and see what's actually being executed, the error will jump out at you.