1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. So convert your date strings to DateTime values, report any problems to the user, and pass DateTime values directly to SQL via parameters.
2) This is the one you've noticed: BETWEEN has a specific syntax, as you have used in teh first query:
SELECT ... WHERE value BETWEEN start AND end
Your second version replaces AND with a comma and adds more rubbish (as far as SQL is concerned) at the end:
WHERE Date between' " + strDate + "','" + endDate + "','"+UserName+" ' "