Parameters cannot be used to represent a tablename or a fieldname. They can only be used to represent values in WHERE conditions or to insert/update values in INSERT or UPDATE queries.
In this situation you have no alternative than reverting to string concatenation.
Just be sure that you don't allow your user to type the tablename, but only select it from a predefined list of well known names
Private Sub LoadTable(table as String)
dt.Dispose()
dt = SQL.ExecuteCommand("SELECT * FROM " & table)
command.Dispose()
End Sub
I have also changed your ExecuteCommand to receive a string instead of a command. In my opinion this concentrates all of your disposable objects in the ExecuteCommand method where they could be easily initialized and disposed through the Using Statement
Public Function ExecuteCommand(cmdText as String)
Dim dt As New DataTable
Using con = New MySqlConnection(GetConnectionString())
Using command = new MySqlCommand(cmdText, con)
con.Open()
Using da = new MySqlDataAdapter(command)
da.Fill(dt)
End Using
End Using
End Using
Return dt
End Function