As Richard pointed out, don't do it this way. Not only does it lead to syntax issues but it is very easy to hack your db when you write code this way. Instead do like this:
Dim q As String = "UPDATE Table1 SET " &
"FirstName=@FirstName" &
"',SecondName=@SecondName" & ...
"WHERE ID=@ID"
...
cmd.Parameters.AddWithValue("@FirstName", txtFirstName.Text)
cmd.Parameters.AddWithValue("@SecondName", txtSecondName.Text)
...
cmd.Parameters.AddWithValue("@ID", txtID.Text)