First, your query uses SELECT *" which is bad practice as a tiny change in the database table can change the order your columns are returned. ALWAYS use "SELECT columnName, columnName, columnName, ..." to return the data in a known column order.
You cannot use column names with SqlDataReader.GetString(), or any of the Get... methods on the DataReader. You can only use integer index values, which you would have seen had you read the documentation on
SqlDataReader Class (System.Data.SqlClient)[
^]
Also, you opened yourself up to having your database destroyed by SQL Injection attacks. Google for "SQL Injection Attack" and "VB.NET sql parameterized query" to fix that problem.