Um... when you were reading up on parameterised queries, did you notice how you were supposed to use them?
This query:
Dim CompQuery As String = "SELECT * FROM Company WHERE CompanyName = '" & txtCompName.Text & "' AND AssociationID = " & cmbUnderAssoc.SelectedValue & " "
does not use parameters. Instead, it uses the text directly and is wide open to SQL injection.
Try this:
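' The user input is bound through "?" placeholders instead of being concatenated into the SQL text.
Dim CompQuery As String = "SELECT COUNT(*) FROM Company WHERE CompanyName = ? AND AssociationID = ?"
Dim compCommand As OleDbCommand = New OleDbCommand(CompQuery, con)
' OleDb parameters are positional: add them in the same order as the "?" markers appear in the query.
compCommand.Parameters.AddWithValue("?", txtCompName.Text)
compCommand.Parameters.AddWithValue("?", cmbUnderAssoc.SelectedValue)
con.Close()
con.Open()
' ExecuteScalar returns the COUNT(*) value; anything above zero means the entry already exists.
If Convert.ToInt32(compCommand.ExecuteScalar()) > 0 Then
    MsgBox("Entry already exist! Please input new entry")
    Exit Sub
Else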