First, don't use string concatentation to build queries like this. Use parameterized queries instead. Just Google for "vb.net parameterized queries" for a ton of articles and examples.
Next, the way tou have this query string build, your SQL query will look like this when it's executed:
SELECT StaffID, StaffPass FROM StaffInfo WHERE StaffID = 0 AND StaffPass = K1234
NOtice anything wrong with that? If you want to match a string field, you have to wrap the string in quotes:
SELECT StaffID, StaffPass FROM StaffInfo WHERE StaffID = 0 AND StaffPass = 'K1234'
So, your query line would look like:
.CommandText =
String.Format(
"SELECT StaffID, StaffPass FROM StaffInfo WHERE StaffID = {0} AND StaffPass = '{1}'", id, pass),
But again, ditch this and use parameterized queries instead.