SQL query with BETWEEN operator causes "Syntax error in number in query expression"

Question

I'm using a MS Access database. I want to get first and last records that are in between 2 dates. But I get error when using a BETWEEN operator:

Syntax error in number in query expression 'Datum_k BETWEEN 3.4.2017. AND 3.4.2017.'.

My code:

private void GetPrviZadnjiBrojRacuna()
{
    OleDbCommand commandOD = new OleDbCommand("SELECT Dokument FROM DnevniPromet WHERE (Datum_k BETWEEN " + datumOd + " AND " + datumDo + ") ORDER BY [Datum_k] ASC", dataModel.CS);
    OleDbCommand commandDO = new OleDbCommand("SELECT Dokument FROM DnevniPromet WHERE [Datum_k] >= " + datumOd + " AND [Datum_k] <= " + datumDo + " ORDER BY [Datum_k] DESC", dataModel.CS);

    try
    {
        dataModel.DT.Clear();
        OleDbDataAdapter ODbDA = new OleDbDataAdapter(commandOD);

        if (!dataModel.CS.State.Equals(ConnectionState.Open))
        {
            dataModel.CS.Open();
        }

        // GET OD 
        ODbDA.Fill(dataModel.DT);
        odRacuna = dataModel.DT.Rows[0].ToString();

        // GET DO
        ODbDA.SelectCommand = commandDO; 
        dataModel.DT.Clear();
        ODbDA.Fill(dataModel.DT);

        doRacuna = dataModel.DT.Rows[0].ToString();

        dataModel.CS.Close();
        dataModel.DataLoaded = true;
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}

Answer 1

Addressing two issues with your code snippet:

• You should never use string interpolation to build a query. This lends itself to SQL injection. Many, many topics surrounding this. I suggest you read up.
• You have missed the ' single quotes around your date strings.

Using parameterised queries, you can kill two birds with one stone:

OleDbCommand commandOD = new OleDbCommand(@"
    SELECT Dokument
    FROM DnevniPromet
    WHERE (Datum_k BETWEEN @datumOd AND @datumDo)
    ORDER BY [Datum_k] ASC", dataModel.CS);

commandOD.Parameters.AddRange(new OleDbParameter[]
{
    new OleDbParameter("@datumOd", datumOd),
    new OleDbParameter("@datumDo", datumDo)
});