Use placeholders with the same name of the parameters for SqlClient engine
strSQL = "insert into userTD(username,password) values(@username,@password)"
Also, I suggest you to use the using statement for the connection (better for all disposable objects, but the connection is a big problem if you get an exception and it remains open)
Using objconnection = New SqlConnection(strconnection)
......
objcnd.ExecuteNonQuery()
' No need to close explicititly the connection, '
' the following End Using statement takes care of that'
' also in case of exceptions.....'
End Using