Firstly, never ever, ever, ever... write a SQL query into a string like that.
You are opening yourself up to a SQL injection attack if someone decides to write some code that appends to the string - read up on it if you don't know what this means.
I know in this case you are using parameters, but this will not protect you if someone gets lazy in the code.
Use stored procedures and parameters as below:

    Imports System.Data
    Imports System.Data.SqlClient

    ' The statements below belong inside a method; year and age are Integer values from the caller.
    Dim DataTableObj As New DataTable
    ' Using blocks dispose the connection, command and adapter even if an exception is thrown.
    Using ConnectionObj As New SqlConnection("Data Source=ServerName;Initial Catalog=DatabaseName;Integrated Security=True")
        ConnectionObj.Open()
        Using SqlCommandObj As New SqlCommand("a_stored_procedure", ConnectionObj)
            ' Call the procedure by name; the values travel as typed parameters, never as SQL text.
            SqlCommandObj.CommandType = CommandType.StoredProcedure
            SqlCommandObj.Parameters.Add("@year", SqlDbType.Int).Value = year
            SqlCommandObj.Parameters.Add("@age", SqlDbType.Int).Value = age
            Using SQLAdaptorObj As New SqlDataAdapter(SqlCommandObj)
                SQLAdaptorObj.Fill(DataTableObj)
            End Using
        End Using
    End Using
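
An added example, not part of the original answer: a T-SQL definition of what `a_stored_procedure` could look like on the server, next to a procedure that rebuilds the string-concatenation problem internally and its parameterized fix. The table `dbo.People`, its columns, and the two `people_by_name_*` procedures are hypothetical names chosen for illustration.

```sql
-- Hypothetical table used by the procedures below.
CREATE TABLE dbo.People (
    Id        INT IDENTITY(1,1) PRIMARY KEY,
    Name      NVARCHAR(100) NOT NULL,
    BirthYear INT NOT NULL,
    Age       INT NOT NULL
);
GO

-- Static SQL: @year and @age are only ever compared as INT values,
-- so nothing the caller sends can change the shape of the statement.
CREATE PROCEDURE dbo.a_stored_procedure
    @year INT,
    @age  INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT Id, Name, BirthYear, Age
    FROM dbo.People
    WHERE BirthYear = @year AND Age = @age;
END;
GO

-- Anti-pattern: the procedure concatenates its parameter into a string
-- and executes it, so the input is parsed as SQL again on the server.
CREATE PROCEDURE dbo.people_by_name_unsafe
    @name NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name FROM dbo.People WHERE Name = ''' + @name + N'''';
    EXEC (@sql);
END;
GO

-- Fix: if dynamic SQL is really needed, keep the value a parameter
-- all the way through by passing it to sp_executesql.
CREATE PROCEDURE dbo.people_by_name_safe
    @name NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name FROM dbo.People WHERE Name = @name';
    EXEC sys.sp_executesql @sql, N'@name NVARCHAR(100)', @name = @name;
END;
GO
```

When reviewing stored procedures, search their bodies for `EXEC (` or `sp_executesql` calls whose SQL text is built with `+` from a parameter; those are the ones that need the third form.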