Use parameters in your SQL command!
Try something like this:
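    ' Requires Imports System.Data and Imports System.Data.SqlClient at the top of the file.
    Dim table As New DataTable()
    ' The SQL text contains only placeholders; the values are supplied separately below.
    Dim query As String = "select Billno,Billdate,PName,Qty,TName from CancelOrder where @Billdate1 >= @Billdate2"
    Using cn As New SqlConnection(Configuration.DefaultConnectionString)
        Using cmd As New SqlCommand(query, cn)
            ' Bind each value as a typed DateTime parameter instead of concatenating it into the query string.
            cmd.Parameters.Add("@Billdate1", SqlDbType.DateTime).Value = Billdate1
            cmd.Parameters.Add("@Billdate2", SqlDbType.DateTime).Value = Billdate2
            cn.Open()
            ' CommandBehavior.CloseConnection closes cn when the reader is disposed.
            Using reader As SqlDataReader = cmd.ExecuteReader(CommandBehavior.CloseConnection)
                table.Load(reader)
            End Using
        End Using
    End Using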
You can also Google the following "vb.net using sqlcommand parameters".
Cheers