This is horrible code. BURN it. I can erase your database if I can browse to this web page. Read up on SQL injection attacks.
Instead, write a proc that does this
where (@from is null or docdate > @from) and (@to is null or docdate < @to) and (@firstName is null or FirstName = @FirstName)
That's how you create optional parameters in SQL.
Once you do things properly, it will just start working, I am sure. I do recommend learning to use your debugger though. If you were to intercept the generated SQL and run it in your Management Studio, I bet you'd find out why it's not working as you expect.