Don't.
Wherever you copied that from, it's a dangerous way to do things: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Exactly how you do that will depend on the language you are using to access SQL server - and that fragment looks like it probably C#.
So it'll be something like:
using (SqlConnection con = new SqlConnection(strConnect))
{
con.Open();
using (SqlCommand cmd = new SqlCommand("SELECT (invoiceNo) as [Invoice No],(InvoiceDate) as [Invoice Date],(Sales.CustomerID) as [Customer ID],(CustomerName) as [Customer Name],SubTotal as [SubTotal],VATPercentage as [Vat+ST %],VATAmount as [VAT+ST Amount],(GrandTotal) as [Grand Total],(TotalPayment) as [Total Payment],(PaymentDue) as [Payment Due],Remarks from Sales,Customer where Sales.CustomerID=Customer.CustomerID and InvoiceDate between @FROM And @TO", con))
{
cmd.Parameters.AddWithValue("@FROM", dtpInvoiceDateFrom.Value);
cmd.Parameters.AddWithValue("@TO", dtpInvoiceDateTo.Value);
using (SqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
...
}
}
}
}