I would take a look at the value of the typeDisc (assuming it is a string) and see if it has a single quote in it. If so, you need to escape it by replacing it with two single quotes. On the other hand, if it is an enum variable, then you should use the ToString() function to get its value. Next, look at the Date. If this is a DateTime object, then you will need to use one of the ToString() functions (possibly with the necessary format string) to get the value.
If SalesDate is a datetime datatype, then you may need to do your comparison filter by converting it to a date datatype to ignore the time element:
"...AND CONVERT([date], SalesDate) = CONVERT([date], '" + Date + "')"
Having said this, it is worth noting that SQL queries like this are subject to SQL injection attacks. Using parameters is a better method.
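
A parameterized form of the filter above, as an added example that is not part of the original answer. The table name Sales, the column TypeDisc, the NVarChar length of 50 and the method name CountSales are assumptions for illustration; only typeDisc, Date and SalesDate come from the question.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient; // System.Data.SqlClient exposes the same types on older projects

static class SalesQueries
{
    // Assumed schema: table Sales with columns TypeDisc and SalesDate (datetime).
    // The SQL text is a constant; no user-supplied value is ever concatenated into it.
    private const string Sql =
        "SELECT COUNT(*) FROM Sales " +
        "WHERE TypeDisc = @typeDisc " +
        "AND CONVERT([date], SalesDate) = @salesDate";

    public static int CountSales(string connectionString, string typeDisc, DateTime date)
    {
        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(Sql, conn);

        // The value is sent separately from the SQL text, so a single quote
        // in typeDisc (e.g. "O'Brien") is plain data and needs no doubling.
        // If typeDisc were an enum, pass typeDisc.ToString() here.
        cmd.Parameters.Add("@typeDisc", SqlDbType.NVarChar, 50).Value = typeDisc;

        // A typed date parameter: no ToString() format string, and no
        // dependence on the server's language or date-format settings.
        cmd.Parameters.Add("@salesDate", SqlDbType.Date).Value = date.Date;

        conn.Open();
        return Convert.ToInt32(cmd.ExecuteScalar());
    }
}
```

Declaring the parameter types explicitly (rather than relying on inferred types) keeps the comparison types stable regardless of the length or content of the supplied value.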