That's wrong
Yes, have you heard about
SQL injection[
^]? Never concatenate strings to for SQL things. Use parametrized queries.
SqlCommand cmd = new SqlCommand("SELECT Sheetno,VehicleNo,EDate,SKM,EKM,TKM,Driver1,Driver2,Cleaner,AdvAmt,Mile,Tfrieght,Trecv,TBal,TEAmt,NetBal FROM TripSheet WHERE VehicleNo =@VehicleNo AND EDate BETWEEN @FromDate AND @ToDate",con);
cmd.Parameters.AddWithValue("@VehicleNo", cb_VehNo.Text);
cmd.Parameters.AddWithValue("@FromDate", dtp_Fdate.Value);
cmd.Parameters.AddWithValue("@ToDate", dtp_Ldate.Value);
Interesting read -
Give me parameterized SQL, or give me death[
^]