The query should generate an exception since you're missing (or having an extra) parenthesis.
Also never concatenate literal values to your query. For example, try what happens if you input "some'text" to TextBox1. Use
SqlParameter[
^] with your queries. So the query could look like:
...
string que = @"
select *
from Table4
where (status=@status and [date]=@date and duedate=@duedate) or (status=@status)";
command.Parameters.AddWithValue("@status", Session["status"]);
command.Parameters.AddWithValue("@date ", Session["date"]);
command.Parameters.AddWithValue("@duedate", Session["duedate"]);
...
Since you have currently used just a SQL string, you would need a
SqlCommand[
^] to properly assign parameters. Also note that if you use reserved words, enclose them with
[]
Also it looks like all your columns in the table are strings but you use date data. Always try to use proper data types (for example
date
or
datetime2
for date columns). This eliminates unnecessary type conversions etc.