Agree with what people are saying regarding the sql injection etc... however to get back to the op question...!
Where do you declare your report parameters?
Normally I do something like:...
Dim rptParameter As ReportParameter
rptParameter = New ReportParameter("Title", "Report Title Name")
rptViewer1.LocalReport.SetParameters(rptParameter)
Without checking this may need to be an array of parameters...