The very first thing you must do is performa parameterized query. What that means is creating an array of SqlParameter objects, and passing them to the SqlCommand object. Finally, you can replace all of the hard coded values with the appropriate parameter names, something like this:
SqlParameter[] parameters = new SqlParameter[]
{
new SqlParameter("@variable1", datetimepicker1),
new SqlParameter("@variable2", datetimepicker2),
};
string query = "select * from mytable where somefield = @variable1 and someotherfield = @variable2";
using (SqlConnection conn = new SqlConnection(myconnectionstring))
{
using (SqlCommand cmd = new SqlCommand(query, conn))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddRange(parameters);
.... the rest of your code
}
}
The code above is for a real database, so you'll have to adapt it to your hippy-dippy my-sql stuff.
Then if your code is still failing, come back and
TELL US WHERE IT'S FAILING, because we're not freakin' mind readers.