OK, I edited my answer to use a different approach. You can do the following. When you create a SqlDataSource in VS, it adds the SelectCommand in the aspx. Set the command to nothing and add a SelectParameter, like this:
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>" SelectCommand="">
<SelectParameters>
<asp:Parameter DefaultValue="" Name="param1" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Now in the code behind, you can change the SelectCommand and pass it a param like this:
{
// Run this on a click or selected index change
string m_param = "2012"; //this would be something like Textbox1.Text
this.SqlDataSource1.SelectParameters[0].DefaultValue = m_param;
this.SqlDataSource1.SelectCommand = "SELECT ID, FILENAME FROM drmc.checksum WHERE FILENAME LIKE '%" + this.SqlDataSource1.SelectParameters[0].DefaultValue + "%'";
}
You will need to test the "Textbox1.Text" value against SQL Injection. Regex is good for this.