Here is the code you need to start adding parameters to your SQL commands:
Add the parameter, then set its value:
Imports System.Data
Imports System.Data.SqlClient
' s is the SQL text containing an @id placeholder, c is an open SqlConnection
Dim cmd As SqlCommand = New SqlCommand(s, c)
cmd.Parameters.Add("@id", SqlDbType.Int)
cmd.Parameters("@id").Value = foo
or
Add the parameter with its value in one call (the SqlDbType is inferred from foo):
cmd.Parameters.AddWithValue("@id", foo)
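A complete VB.NET program showing why parameters matter, added here as an example and not code from the post above. It puts a string-concatenated query (the kind parameters replace) next to the parameterized form, and shows the explicit-type `Parameters.Add` overload for strings, where `AddWithValue` infers NVarChar and can cost an index seek against a varchar column. The table `dbo.Users(Id int, Name nvarchar(50))`, the connection string, and the function names are assumptions for illustration.

```vbnet
' Added example, not from the original post. Assumes a SQL Server table
' dbo.Users(Id int, Name nvarchar(50)) and a connection string in connStr;
' both are assumptions made for illustration only.
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module ParameterDemo

    ' UNSAFE: the value is spliced into the SQL text, so input such as
    ' "1 OR 1=1" changes the statement instead of being treated as data.
    Function BuildUnsafeSql(userInput As String) As String
        Return "SELECT Name FROM dbo.Users WHERE Id = " & userInput
    End Function

    ' SAFE: the SQL text is fixed and the value travels as a typed parameter,
    ' the pattern the post describes with Parameters.Add + .Value.
    Function GetUserName(conn As SqlConnection, id As Integer) As String
        Using cmd As New SqlCommand("SELECT Name FROM dbo.Users WHERE Id = @id", conn)
            ' Explicit type: no inference surprises, and the plan is reusable.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
            Dim result = cmd.ExecuteScalar()
            If result Is Nothing OrElse result Is DBNull.Value Then
                Return Nothing
            End If
            Return CStr(result)
        End Using
    End Function

    ' For string parameters, prefer Add with an explicit SqlDbType and size
    ' over AddWithValue: AddWithValue infers NVarChar sized to the value,
    ' which against a varchar column can force an implicit conversion that
    ' skips the index, and it yields a different cached plan per length.
    Function FindUserIdsByName(conn As SqlConnection, name As String) As List(Of Integer)
        Dim ids As New List(Of Integer)
        Using cmd As New SqlCommand("SELECT Id FROM dbo.Users WHERE Name = @name", conn)
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name
            Using reader = cmd.ExecuteReader()
                While reader.Read()
                    ids.Add(reader.GetInt32(0))
                End While
            End Using
        End Using
        Return ids
    End Function

    Sub Main()
        ' Assumed connection string; replace with your own.
        Dim connStr As String = "Server=.;Database=AppDb;Integrated Security=true;"

        ' Shows the altered statement the concatenated version would send.
        Console.WriteLine(BuildUnsafeSql("1 OR 1=1"))

        Using conn As New SqlConnection(connStr)
            conn.Open()
            Console.WriteLine(GetUserName(conn, 1))
            ' Even with a hostile string the query stays WHERE Name = @name;
            ' the quote characters are just part of the parameter value.
            Console.WriteLine(FindUserIdsByName(conn, "x' OR '1'='1").Count)
        End Using
    End Sub

End Module
```

`Parameters.Add(name, type)` returns the `SqlParameter`, so `.Value` can be set on the same line as in `GetUserName`; that is the same two-step form the post shows, just written more compactly. Keep `AddWithValue` for quick scripts where the inferred type is obviously right (an `Integer` becomes `SqlDbType.Int`), and use the explicit overload when the parameter feeds a string or decimal column.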