Two things:
1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never trust user input: parse your dates into DateTime values (reporting problems to the user) and pass the DateTime values to SQL
Dim dtFrom as DateTime
If Not DateTime.TryParse(txtdtf.Text, dtFrom) Then
...
Return
End If
Dim dtTo as DateTime
If Not DateTime.TryParse(txtdtt.Text, dtTo) Then
...
Return
End If
Dim cmd As New OleDb.OleDbCommand("SELECT * FROM pur_inv,inv_type, party_ldg WHERE pur_inv.partyID=party_ldg.partyID AND pur_inv.invtypid=inv_type.invtypid AND purinvdt BETWEEN @DF AND @DT ORDER BY purinvdt", cn)
cmd.Parameters.AddWithValue("@DF", dtFrom)
cmd.parameters.AddWithValue("@DT", dtTo)
...