>public partial class OffPage : System.Web.UI.Page >{ > SqlConnection con3 = new SqlConnection(ConfigurationManager.ConnectionStrings["LoginCS"].ConnectionString); > SqlCommand cmd3 = new SqlCommand(); > > protected void Page_Load(object sender, EventArgs e) > { > con3.Open(); > } > protected void Button1_Click(object sender, EventArgs e) > { > if (Convert.ToInt32(RadioButtonList1.SelectedValue) == 0) > { > TextBox1.Text = "Pending"; > SqlDataSource2.FilterExpression = "fld1 = " + TextBox1.Text; > } > if (Convert.ToInt32(RadioButtonList1.SelectedValue) == 1) > { > TextBox1.Text = "FWD"; > SqlDataSource2.FilterExpression = "fld1 = " + TextBox1.Text; > } > > } > } >Your problem is in not using the parameters. I also don't understand why do you mix SqlDataSource and SqlCommand. If you're using SqlCommand, look into SqlParameter, declare parameters for each of your expressions.