First off - you're trying to use inline codeblocks, it seems, like in the old Classic ASP days. It's no longer done this way in ASP.Net. Since ASP.Net is event-driven, all code code is in event handlers (subs/functions). In this case, what you'd probably need to do is to create/Dim some global variables in your page (outside any events), and inside the Page_Load event, assign the variable names, just like you did

Therefore, you would not use a code block segment, either, in the SelectCommand property of a SQLDataSource control. That is for the SQL statement or Stored Procedure name only.

Also - if you haven't heard about SQL Injection attacks, you need to learn now....instead of using concatenated SQL statements, the answer to SQL Injection attacks, in this case, is parameterized queries. Check out this 2 part tutorial on Parameterized Queries at ASPNet101.com:
http://aspnet101.com/aspnet101/tutorials.aspx?id=1

That being said, you can use a SQL statement (Select [Field list] from [Table name] where Field1=@Field1 and Field2=@Field2, etc

Then, inside your SQLDataSource, use the parameters section to assign where the data for each parameter is coming from.