First, don't be so rude. And use a proper title for your question.
The most important thing you need to learn about data access is how to use parameters.
Never concatenate user values into an SQL statement.
Next, getting the count of records is a pointless waste of time.
Finally, if you expect to receive many records, use ExecuteReader, not ExecuteScalar.
I assume you are using Access as a database. Using parameters with Access, and some other databases, is not as easy as with SQL Server and some others, but it can be done if you're careful.
My VB-fu is weak, but this should be enough to get you going:
dim cmd as new oledbcommand("select msg from message where sender=@sendername",con)
dim prm as cmd.createparameter()
prm.parametername="sendername"
prm.value=textbox1
cmd.parameters.add(prm)
dim rdr as cmd.executereader()
while(rdr.read())
end while