Cheers Procasinator, I'm a little confused as to what the parameters are actually doing and how they are making the SQL more secure?
It's to do with SQL injection. If your user enters something into an input on your form like "''; delete from table1" and you don't use parameters, but just append what they have entered to your SQL, then all rows in your table will be deleted:-
"select a, b, c from table where name = " & nameInput.Text
will result in a SQL statement like this:-
select a, b, c from table where name = ''; delete from table1
Using parameters avoids this completely.