The parameterized query expects the parameter which was not supplied

If you pass null value to parameter,you will get this error even after you add the parameterso try to check the value and if it null then use DBNull.Value

This will work

cmd.Parameters.Add("@Department", SqlDbType.VarChar)If (TextBox2.Text = Nothing) Then    cmd.Parameters("@Department").Value = DBNull.ValueElse    cmd.Parameters("@Department").Value = TextBox2.TextEnd If

This will convert the null values from the object layer to DBNull values that are acceptable to the database.

Your website is in serious danger of being hacked.

Read up on SQL Injection and how to prevent it in .NET

Your query problem is the least of your concerns right now.

But.....

@Misnomer's solution is close but not quite there:

Change your query to this:

cmd.CommandText = "SELECT * FROM borrow where (Department LIKE '%@DepartmentText%')"

and add parameters this way (or the way that @Misnomer does):

cmd.Parameters.AddWithValue("@DepartmentText",TextBox2.Text)

The important difference is that you need to change your CommandText.

Building on and simplifying ravidev's answer:

The VB.NET shorthand is:

cmd.Parameters.AddWithValue("@Department", IF(TextBox2.Text, DBNull.Value))

The C# shorthand is:

cmd.Parameters.AddWithValue("@Department", (object)TextBox2.Text ?? DBNull.Value)