vb.net - Parameterizing sql in vb -

i have module call procedure , , want parametrize it. i'm sending string query procedure module . in google not find answer problem.

procedures.insert("insert technician (tec_name, tec_email, rol_id) values ('" & txt_tech.text & "',  '" & txt_tech_email.text & "', " & cbo_tech_role.selectvalue.tostring & ")", "technican add correct") 

======================================== change .....

procedures.insert("insert technician (tec_name, tec_email, rol_id) values ('@tech_name',  '@tech_email', '@tech_role' ")", "technican add correct") 

================ dont know can parametrized

 public sub insert(query string, msg string)     dim cn new sqlconnection(cs)     dim cmd new sqlcommand     try         cn.open()         cmd             .commandtype = commandtype.text             .commandtext = query             .connection = cn             .parameters.addvaluewith("@tech_name",txt_tech_name.text)             .parameters.addvaluewith("@tech_email",txt_tech_email.text)             .parameters.addvaluewith("@tech_rol",txt_tech_role.selectvalue.tostring)             .executenonquery()         end         messagebox.show(msg, "insert", messageboxbuttons.ok, messageboxicon.information)     catch ex exception         messagebox.show(ex.message.tostring, ".  :  :    error    :  :  .", messageboxbuttons.ok, messageboxicon.error)             if cn isnot nothing andalso cn.state <> connectionstate.closed             cn.close()             cn = nothing         end if     end try end sub 

because have module separate main code , i'm not able call textboxes because separate main module ... idea on how ?? ... dont hard .. 14 week working vb.. :/

add insert function parameter sqlparameters

public sub insert(query string, msg string, params sqlparameter())     dim cn new sqlconnection(cs)     dim cmd new sqlcommand     try         cn.open()         cmd             .commandtype = commandtype.text             .commandtext = query             .connection = cn             if params isnot nothing andalso params.count > 0                 .parameters.addrange(params)             end if             .executenonquery()         end         messagebox.show(msg,                          "insert",                          messageboxbuttons.ok,                          messageboxicon.information)     catch ex exception         messagebox.show(ex.message.tostring, ".  :  :    error    :  :  .",                        messageboxbuttons.ok,                         messageboxicon.error)             if cn isnot nothing andalso cn.state <> connectionstate.closed             cn.close()             cn = nothing         end if     end try end sub 

then use this:

dim query string = "insert technician (tec_name, tec_email, rol_id) values (@tech_name, @tech_email, @tech_role)" dim msg string = "technican add correct" dim params sqlparameter() = {new sqlparameter("@tech_name",txt_tech_name.text),                                 new sqlparameter("@tech_email",txt_tech_email.text),                                 new sqlparameter("@tech_rol",txt_tech_role.selectvalue.tostring)}  procedures.insert(query, msg, params) 

using array of sqlparameter give possibility using same function parameter type other string