You are mixing up the SQL with the VB and confusing yourself. Not to mention, introducing a massive SQL-injection hole, by building up the string in that fashion.
Instead, define @variables within the SQL string and use AddWithValue to populate them.
For example:
Dim strSQL02 As String = "Update [ClinicTest2].[dbo].[ICDbS_Products] SET " & _
"NewTotal = (NewTotal + @qty_to_add) " & _
"WHERE ProductNoID = @prod_id"
Dim myCommand02 As New SqlCommand(strSQL02, objConn02)
myCommand02.Parameters.AddWithValue("@qty_to_add", QtyToAddBack)
myCommand02.Parameters.AddWithValue("@prod_id", ItemNumber)
You should also look into separating your SQL code from your VB code, preferably in the form of stored procedures but possibly with a separate class of SQL strings. For best results, the SQL strings should be constants.