Member 9328847 wrote:
Dim sSql As XElement
sSql = <sql>
SET [fldOnCallGroup] = ...
XElement to build your dynamic query won't prevent SQL injection[^]. You need to use a parameterized command instead.
Also, your code is trying to execute exactly the same query that's set for the
UpdateCommand of the
SqlDataSource control. If you remove the event handler, the control will perform the update for you.
MsgBox calls will never work; if they did, the message box would appear on the server, where nobody would ever see them, and your page would be stuck waiting for someone to click "OK".
"These people looked deep within my soul and assigned me a number based on the order in which I joined."