First of all, you are applying BETWEEN to strings, but apparently you need to apply it to dates. Please see, for example: http://www.techonthenet.com/sql/between.php.
Worse, the way you compose your query is wrong from the very beginning. Your query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection. The text taken from the UI can be anything, including… a fragment of SQL code.
This is how it works: http://xkcd.com/327.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
Please see:
https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java,
http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html,
https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet.
Please see my past answers for some more detail (they are on .NET, so for Java-specific directions, see the links above):
"EROR IN UPATE in com.ExecuteNonQuery();",
"hi name is not displaying in name?".
—SA
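
An added example, not part of the answer above and not the asker's code: a JDBC query that applies BETWEEN to real dates and binds them as parameters instead of concatenating UI text. The table `orders`, its columns `id` and `order_date`, the class and method names, and the JDBC URL passed as `args[0]` are all assumptions.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.List;

public class DateRangeQuery {
    // Hypothetical table and columns. The SQL text is a constant and never
    // contains user input; the two "?" markers are bound as DATE values.
    private static final String SQL =
        "SELECT id FROM orders WHERE order_date BETWEEN ? AND ? ORDER BY id";

    static List<Integer> findOrderIds(Connection conn, String fromText, String toText)
            throws SQLException {
        // Parse the UI text into real dates first (ISO yyyy-MM-dd). Text that is
        // not a date throws DateTimeParseException before the database is touched.
        LocalDate from = LocalDate.parse(fromText.trim());
        LocalDate to = LocalDate.parse(toText.trim());
        if (to.isBefore(from)) {
            throw new IllegalArgumentException("end date is before start date");
        }
        List<Integer> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            // Typed binding: the driver sends dates, so BETWEEN compares dates,
            // not strings, and the values cannot change the statement's structure.
            ps.setDate(1, Date.valueOf(from));
            ps.setDate(2, Date.valueOf(to));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getInt("id"));
                }
            }
        }
        return ids;
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a database that has the hypothetical table.
        // The date strings are constructed sample values standing in for UI fields.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println(findOrderIds(conn, "2014-01-01", "2014-12-31"));
        }
    }
}
```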