Um.
First off, don't do that. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
But look at what text your query as written generates:
SELECT * FROM tblPurchase WHERE Pur_Date between '2016-03-01'and '2017-02-28'and'prname'
lets add a few brackets, and you can see what SQL is looking at:
SELECT * FROM tblPurchase WHERE (Pur_Date BETWEEN '2016-03-01' AND '2017-02-28') AND 'prname'
So SQL expects
prname
to be a boolean expression.
Probably, you mean something like:
... AND 'prname' = 'myusername'
But that's up to you.
And I'm serious about the string concatenation : fix it everywhere in your app, or your best mate will delete your DB just to see the look on your face...