Problem with adding SQL paramerters from data access Layer in c#

First I am giving examples of two methods

public static List<FormGridEntity> GetAllCandidatesByProgram(string programShortName)
    {
        List<FormGridEntity> formGridEntities = null;
        try
        {
            string cmd = SELECT + " WHERE " + CANDIDATE_PROGRAM_PA + " = " +       CANDIDATE_PROGRAM;`enter code here`
            //string cmd = SELECT

            DAOParameters dps = new DAOParameters();
            dps.AddParameter(CANDIDATE_PROGRAM_PA, programShortName);
            List<SqlParameter> ps = Common.Methods.GetSQLParameters(dps)开发者_开发技巧;
            SqlDataReader dataReader = QueryHandler.ExecuteSelectQuery(cmd, ps);
            formGridEntities = Maps(dataReader);
            dataReader.Close();
        }

        catch (Exception exception)
        {
            throw exception;
        }
        return formGridEntities;
    }

and another method is

public static List<FormGridEntity> GetAllCandidatesByDates(DateTime initialDate,DateTime finalDate)
    {
        List<FormGridEntity> formGridEntities = null;
        try
        {
            string cmd = SELECT + " WHERE " + FORM_SUBMISSION_DATE_PA + " BETWEEN " + initialDate + " AND " + finalDate;
            //string cmd = SELECT

            DAOParameters dps = new DAOParameters();
            //What will I do here? since 
            **//dps.AddParameter(FORM_SUBMISSION_DATE_PA, initialDate);
            //dps.AddParameter(FORM_SUBMISSION_DATE_PA, finalDate);**
            List<SqlParameter> ps = Common.Methods.GetSQLParameters(dps);
            SqlDataReader dataReader = QueryHandler.ExecuteSelectQuery(cmd, ps);
            formGridEntities = Maps(dataReader);
            dataReader.Close();
        }

        catch (Exception exception)
        {
            throw exception;
        }
        return formGridEntities;
    }

I have commentd out

Here the caps terms are all constants that above in the class like

private const string FORM_PURCHASING_DATE = "DateOfPurchase";
private const string FORM_PURCHASING_DATE_PA = "@DateOfPurchase"
private const string FORM_SUBMISSION_DATE = "DateOfSubmission";
private const string FORM_SUBMISSION_DATE_PA = "@DateOfSubmission";

the SELECT is also defined correctly. I am using this Layer perfectly. But now a scenario ocurred where I am getting confused what to do. So far I have been adding values with parameter that has one to one relationship. But, in my second method, I am using the between operator where two values is referring to one parameter, what will I write here to make the things working properly. I have commented out the particular region that I want to modify. please help me if possible. Here is the method GetSQLParameters public static List GetSQLParameters(DAOParameters dps) { List parameters = new List();

        foreach (DictionaryEntry de in dps.hs)
        {
            SqlParameter p = new SqlParameter();
            p.ParameterName = de.Key.ToString();
            if (de.Value.ToString() == Convert.ToString(0))
            {
                p.Value = DBNull.Value;
            }
            else
            {
                p.Value = de.Value;
            }

            parameters.Add(p);
        }

        return parameters;

---

In GetAllCandidatesByDates(), perhaps you should have:

FORM_SUBMISSION_DATE + "BETWEEN @initialDate AND @finalDate"

And then bind initialDate to "@initialDate" parameter and finalDate to "@finalDate" parameter? The way you have it now, you are not using parameters for these dates, but instead converting concrete DateTime values to strings and concatenating these strings directly into your final SQL.