There are a couple of issues going on here. Any form field that ends in _date is a form validation criterion, so the form fields need to be renamed todate and fromdate. Next, it is good that you are trying to sanitize the input; cfqueryparam is used to do that. Last but not least, BETWEEN is cleaner SQL. Your query should look a little like:
<cfif isDate(form.fromDate) AND isDate(form.toDate)>
    <cfquery name="qryUser_Activation_Events">
        SELECT *
        FROM user_activation_events
        WHERE STATUS_CODE = 1
        AND event_date BETWEEN <cfqueryparam cfsqltype="CF_SQL_date" value="#form.fromDate#">
            AND DATEADD(d, 1, <cfqueryparam cfsqltype="CF_SQL_date" value="#form.toDate#">)
        ORDER BY ...
    </cfquery>
<cfelse>
    <!--- Error handling goes here --->
</cfif>
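
An added example, not part of the original answer: the same lookup written with a half-open range (>= the start day, < the day after the end day), so a row stamped exactly at midnight on the day after toDate is left out, which BETWEEN's inclusive upper bound would include. It assumes a default datasource is configured for the application, that reversed bounds should be swapped rather than rejected, and that only event_date and STATUS_CODE are needed; the variable names are hypothetical.

```cfml
<!--- Added example: table and column names are taken from the answer above; all variable names are assumptions. --->
<cfparam name="form.fromDate" default="">
<cfparam name="form.toDate" default="">

<cfif isValid("date", form.fromDate) AND isValid("date", form.toDate)>
    <!--- Parse once so the query binds typed date values instead of the raw form strings. --->
    <cfset parsedFrom = parseDateTime(form.fromDate)>
    <cfset parsedTo = parseDateTime(form.toDate)>

    <!--- Drop any time-of-day portion the user may have submitted. --->
    <cfset rangeStart = createDate(year(parsedFrom), month(parsedFrom), day(parsedFrom))>
    <cfset rangeEnd = createDate(year(parsedTo), month(parsedTo), day(parsedTo))>

    <!--- If the bounds arrive reversed, swap them so the range is never silently empty. --->
    <cfif dateCompare(rangeStart, rangeEnd) GT 0>
        <cfset swapHolder = rangeStart>
        <cfset rangeStart = rangeEnd>
        <cfset rangeEnd = swapHolder>
    </cfif>

    <!--- Exclusive upper bound: midnight at the start of the day after the last requested day. --->
    <cfset rangeEndExclusive = dateAdd("d", 1, rangeEnd)>

    <cfquery name="qryUser_Activation_Events">
        SELECT event_date, STATUS_CODE
        FROM user_activation_events
        WHERE STATUS_CODE = <cfqueryparam cfsqltype="cf_sql_integer" value="1">
        AND event_date >= <cfqueryparam cfsqltype="cf_sql_timestamp" value="#rangeStart#">
        AND event_date < <cfqueryparam cfsqltype="cf_sql_timestamp" value="#rangeEndExclusive#">
        ORDER BY event_date
    </cfquery>
<cfelse>
    <!--- Reject the request; never fall back to building the SQL from the raw strings. --->
    <cfset dateRangeError = "Please supply a valid from and to date.">
</cfif>
```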