Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE ID 89)

Please help with this SQL injection flaw reported by Veracode; refer to the code below.
This database query contains a SQL injection flaw. The function call constructs a dynamic SQL query using a variable derived from user-supplied input. An attacker could exploit this flaw to execute arbitrary SQL queries against the database.

Avoid dynamically constructing SQL queries. Instead, use parameterized prepared statements to prevent the database from interpreting the contents of bind variables as part of the query. Always validate user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
Source code:
Public Sub AddParameter(ByVal parmName As String, ByVal parmValue As String, _
        ByVal parmType As SqlDbType, ByVal parmDirection As Direction, _
        Optional ByVal parmSize As Integer = 0)

    Dim Parameter As SqlParameter
    Dim parms As ArrayList
    'Build an input parameter with an explicit SQL type.
    If parmDirection = Direction.input Then
        Parameter = New SqlParameter(parmName, parmValue)
        Parameter.Direction = ParameterDirection.Input
        Parameter.SqlDbType = parmType
    End If
End Sub

Public Function Employeenumber(ByVal ENumber As String) As Boolean
    Try
        DBAccessor = New DBAccessor.DBAccessor
        DBAccessor.AddParameter("@parametername", Nothing, SqlDbType.VarChar, DBAccessor.DBAccessor.Direction.input)
        objDataset = DBAccessor.MakeDBCall
        Return True
    Catch ex As Exception
        Return False
    Finally
        'Release the accessor on every path (was unreachable after Return False).
        DBAccessor = Nothing
    End Try
End Function

Public Function MakeDBCall() As DataSet

    Dim DataSet As DataSet = New DataSet
    Dim Command As New SqlCommand
    Dim i As Integer

    Try
        Con = New SqlConnection(connectionString)
        'Open connection and set the adapter for a stored procedure.
        Adapter.SelectCommand = Command
        Adapter.SelectCommand.Connection = Con
        Adapter.SelectCommand.CommandType = CommandType.StoredProcedure 'type stored procedure
        Adapter.SelectCommand.CommandText = cmdText 'StoredProcedure name

        'Add parameters
        For i = 0 To (parms.Count - 1)
        Next

        Return DataSet

    Catch ex As Exception
        Return Nothing
    End Try

End Function
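
An added example, not part of the original post or the poster's code base: one way to make a stored-procedure call of this shape that follows the scanner's advice, with the procedure name checked against a fixed allowlist before it reaches CommandText and the value bound as a typed, sized parameter. The class name, the procedure name dbo.usp_CheckEmployeeNumber, the parameter @ENumber and the 1 to 10 digit format are assumptions made for illustration.

```vbnet
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text.RegularExpressions

Public Class SafeProcCaller
    ' Hypothetical allowlist: the only stored procedures this class may execute.
    Private Shared ReadOnly AllowedProcs As New HashSet(Of String) From {
        "dbo.usp_CheckEmployeeNumber"
    }

    Private ReadOnly _connectionString As String

    Public Sub New(ByVal connectionString As String)
        _connectionString = connectionString
    End Sub

    ' Rejects any name that is not a known constant, so CommandText
    ' can never carry caller-supplied SQL text.
    Public Shared Function ResolveProcName(ByVal requested As String) As String
        If requested Is Nothing OrElse Not AllowedProcs.Contains(requested) Then
            Throw New ArgumentException("Stored procedure is not on the allowlist.")
        End If
        Return requested
    End Function

    Public Function EmployeeNumberExists(ByVal eNumber As String) As Boolean
        ' Validate the expected format first (assumed here: 1 to 10 digits).
        If eNumber Is Nothing OrElse Not Regex.IsMatch(eNumber, "^[0-9]{1,10}$") Then
            Return False
        End If

        Using con As New SqlConnection(_connectionString)
            Using cmd As New SqlCommand(ResolveProcName("dbo.usp_CheckEmployeeNumber"), con)
                cmd.CommandType = CommandType.StoredProcedure
                ' Typed, sized bind variable: the value travels as data, never as SQL text.
                cmd.Parameters.Add("@ENumber", SqlDbType.VarChar, 10).Value = eNumber
                Dim result As New DataSet()
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(result) ' Fill opens and closes the connection itself.
                End Using
                Return result.Tables.Count > 0 AndAlso result.Tables(0).Rows.Count > 0
            End Using
        End Using
    End Function
End Class
```

Binding parameters does not help if the stored procedure itself concatenates its arguments into dynamic SQL, so the procedure body needs the same review.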