Your concatenated execute doesn't have single quotes for your date strings.
Change
'cast(Cast(CAST(' + @FromDate + ' as datetime) as float) as int)'
To
'cast(Cast(CAST(''' + @FromDate + ''' as datetime) as float) as int)'
And repeat for to date
What you're currently trying to execute is:
cast(Cast(CAST(31-12-2012 as datetime) as float) as int)
I'm surprised you're not getting an error.
But this type of SQL execution is dangerous.
I could potentially use your application to submit this:
';DELETE FROM ReportData;'
The semi colon would terminate the first part of the statement, which would error, and then it would run my delete command.
This type of attack is known as an SQL Injection attack.
Using sp_ExecuteSQL would allow you to safely pass your parameters into your dynamic SQL.
Info on SQL Injections
https://www.owasp.org/index.php/SQL_Injection[
^]
Info on sp_ExecuteSQL vs Execute and using parameters
Building Dynamic SQL In a Stored Procedure[
^]