07-27-10, 11:31
Teddy
I'm guessing you're used to Access, given the hashes. Surround your datetime values in single quotes as opposed to #'s. You've got one date surrounded by #'s and several more that aren't surrounded by ANYTHING. Look close.


Also, sanitize your inputs using either stored procedures or parameterized/prepared statements. If you put this page up anywhere on the actual internet, I could find it and completely destroy your database, among other things.

I'm not kidding. Google around for "sql injection".

Also, gvee wanted to know what the final string looks like AFTER it has been constructed. Something along these lines:

Response.Write("select distinct(Dist_Win_Name) from Distributers ,Daily_transaction where Distributers.Dist_Win_Name not in (select Dist_Name from Daily_transaction where Daily_transaction.Agent_No ='" + ComboBox1.SelectedItem + "'and Daily_sts='" + str1 + "' and Tran_Date between " + DateTimePicker1.Value + " and " + DateTimePicker1.Value + " and Distributers.Agent_No=Daily_transaction.Agent_No and Distributers.Agent_Name= Daily_transaction.Agent_Name and Daily_transaction.Agent_Name ='" + ComboBox1.SelectedItem + "'and Daily_sts='" + str1 + "'and Tran_Date between " + DateTimePicker1.Value + " and " + DateTimePicker1.Value + "")
__________________
oh yeah... documentation... I have heard of that.

Last edited by Teddy; 07-27-10 at 11:36.
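The advice in the post above about parameterized statements, as an added example that is not part of the original post: it runs a concatenated query beside a parameterized one over the same inputs. Python's sqlite3 stands in for the poster's database; the Daily_transaction rows, the simplified query, and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post's query.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Daily_transaction (Agent_No TEXT, Dist_Name TEXT,
                                        Daily_sts TEXT, Tran_Date TEXT);
        INSERT INTO Daily_transaction VALUES
            ('A1', 'North', 'Paid',   '2010-07-26'),
            ('A1', 'South', 'Unpaid', '2010-07-27'),
            ('A2', 'East',  'Paid',   '2010-07-27');
    """)
    return db

def concatenated(db, agent, status, start, end):
    # Pattern from the post: values pasted into the SQL text, so the caller
    # must get every quote right and the input can rewrite the statement.
    sql = ("SELECT Dist_Name FROM Daily_transaction WHERE Agent_No = '" + agent
           + "' AND Daily_sts = '" + status
           + "' AND Tran_Date BETWEEN '" + start + "' AND '" + end + "'")
    return sorted(row[0] for row in db.execute(sql))

def parameterized(db, agent, status, start, end):
    # Placeholders: values travel separately from the SQL text, so strings
    # and dates need no hand-written delimiters and stay plain data.
    sql = ("SELECT Dist_Name FROM Daily_transaction WHERE Agent_No = ? "
           "AND Daily_sts = ? AND Tran_Date BETWEEN ? AND ?")
    return sorted(row[0] for row in db.execute(sql, (agent, status, start, end)))

def demo():
    db = make_db()
    dates = ("2010-07-26", "2010-07-27")
    results = {}
    for label, agent in [("normal", "A1"), ("apostrophe", "O'Neil"),
                         ("quote_logic", "x' OR '1'='1")]:
        try:
            unsafe = concatenated(db, agent, "Paid", *dates)
        except sqlite3.OperationalError as exc:
            unsafe = "error: " + str(exc)
        results[label] = (unsafe, parameterized(db, agent, "Paid", *dates))
    return results

if __name__ == "__main__":
    for label, (unsafe, safe) in demo().items():
        print(label, "| concatenated:", unsafe, "| parameterized:", safe)
```

With the concatenated form, an apostrophe in the agent value breaks the statement and a crafted value drops the agent filter entirely; the parameterized form returns no rows for both because neither value matches an Agent_No.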