You have two problems:
1. Your code is wide open to SQL injection...Never use string concatenation to create queries, use parametrized queries!
2. You do not add spaces between the parts of the query...
This:
"from DISPATCH , BALES , NWTHAN"+
"where DISPATCH.Bill_no='"
Is equal to his:
"from DISPATCH , BALES , NWTHANwhere DISPATCH.Bill_no='"
As you can see no space between the last able and the
where
...
You have the very same at the
order by
...