Friday, May 4, 2012

VB.NET SQL Server Query: Parameterized SELECT Statement

This sample code shows how to run a SQL statement with parameters instead of string concatenation, so that user-supplied input (here an ID read from a cookie) cannot alter the query text. That is what prevents SQL injection: the value is sent to SQL Server separately from the statement.

 ' The raw ID comes from the request cookie (the source shown in the original comment).
 ' Convert.ToInt32 throws a FormatException if the cookie is not numeric, so the bad
 ' input never reaches the database; the failure is a parse error, not a query error.
 Dim s As String = Request.Cookies("ID").Value
 Dim dsEmails As New DataSet()
 Using connection As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("mwa_mwa_gov_saConnectionString").ConnectionString)
     ' Using blocks dispose the connection and adapter; Fill opens and closes the connection itself.
     Using myDataAdapter As New SqlDataAdapter("SELECT [ID], [UserId], [UserName], [FirstName], [FatherName], [GrandfatherName], [FamilyName], [Email], [SubscriptionNo], [MobileNo] FROM IUSers WHERE ID=@ID", connection)
         ' Typed parameter: the size argument is ignored for SqlDbType.Int, so it is omitted.
         ' The value travels separately from the SQL text, so no input can change the statement.
         myDataAdapter.SelectCommand.Parameters.Add("@ID", SqlDbType.Int).Value = Convert.ToInt32(s)
         myDataAdapter.Fill(dsEmails)
     End Using
 End Using
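To make the point concrete, here is an added example (not code from the original post) that puts the vulnerable string-concatenation version next to the parameterized one, using the same connection string name and table and column names as the post. The injection inputs in the comments are constructed for illustration, and the two functions are hypothetical helpers written for this page.

```vbnet
' Added example, not from the original post: unsafe vs. parameterized lookup.
Imports System
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

Public Class UserLookup
    ' Connection string name taken from the post's web.config reference.
    Private Shared ReadOnly ConnStr As String =
        ConfigurationManager.ConnectionStrings("mwa_mwa_gov_saConnectionString").ConnectionString

    ' VULNERABLE: the raw request value is spliced into the SQL text.
    ' Constructed inputs: "1 OR 1=1" returns the first row of the whole table,
    ' and "1; DROP TABLE IUSers--" executes a second statement.
    Public Shared Function GetEmailUnsafe(rawId As String) As String
        Dim sql As String = "SELECT [Email] FROM IUSers WHERE ID=" & rawId
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                conn.Open()
                Return TryCast(cmd.ExecuteScalar(), String)
            End Using
        End Using
    End Function

    ' SAFE: validate the type first, then bind the value as a typed parameter.
    ' The SQL text is constant; the driver sends the integer separately from it,
    ' so the same inputs above are rejected by TryParse and never reach SQL Server.
    Public Shared Function GetEmailSafe(rawId As String) As String
        Dim id As Integer
        If Not Integer.TryParse(rawId, id) Then
            Throw New ArgumentException("ID must be an integer", "rawId")
        End If
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand("SELECT [Email] FROM IUSers WHERE ID=@ID", conn)
                cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id
                conn.Open()
                Return TryCast(cmd.ExecuteScalar(), String)
            End Using
        End Using
    End Function
End Class
```

Two things worth noting. Integer.TryParse is preferred over Convert.ToInt32 for cookie or form input because it lets you reject bad input with a clear error instead of an unhandled FormatException. And for string columns (for example a lookup by UserName) the same rule applies: bind an SqlDbType.NVarChar parameter rather than quoting the value yourself, since hand-written quoting is exactly where injection through escaped quotes gets in.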
