The main problem is that you're concatenating the data from UI objects directly to your SQL statement. This introduces conversion problems and leaves you open to SQL injections.
The correct way to do this is to use
OleDbParameter Class (System.Data.OleDb)[
^]
So the code should look something like
OleDbConnection con2 = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\Consoldetails.accdb");
private void button4_Click(object sender, EventArgs e)
{
OleDbCommand command = new OleDbCommand();
command.Connection = con2;
string query = "select * from Finaldetails where (" + this.comboBox1.SelectedItem + ") LIKE (?) and Date between ? and ? and Status = 'Approved'";
command.CommandText = query;
command.Parameters.Add("@v1", OleDbType.VarChar, 100).Value = this.textBox1.Text;
command.Parameters.Add("@v2", OleDbType.Date).Value = this.dateTimePicker1.Text;
command.Parameters.Add("@v3", OleDbType.Date).Value = this.dateTimePicker2.Text;
OleDbDataAdapter da = new OleDbDataAdapter(command);
DataTable dt = new DataTable();
da.Fill(dt);
dataGridView1.DataSource = dt;
con2.Close();
}
I do not know the actual data types so you have to adjust to code based on the requirements. Also I don't have a compiler at hand so sorry about any typos.
For more examples, have a look at
Properly executing database operations[
^]. Even though the example uses SqlParameters, the idea is the same