When you create a parameterised query - and that is exactly the right way to do SQL operations - you have to also create a Parameter which contains teh value you wish to pass to SQL. It's a bit like calling a method in C#. You define it
public int DoInsert(int regNo, string name, string address, DateTime insertDate)
{
...
}
But when you call it, you must provide the values:
int rowsAffected = DoInsert(666, "Mike Smith", "2 Main Street, Kentucky", DateTime.Now);
If you miss out any parameters, you get a compiler error.
SQL is the same.
Add a line for each parameter:
cmd.Parameters.AddWithValue("@NameOfParameterInSQLCommand", valueIWantInTheColumn);
And it'll start to work.