It may be simple, but I did not know the syntax of doing so, hence I have also spent some time to get this done. Well, finally it works!
ArrayList parameters = new ArrayList();
parameters.Add(new OdbcParameter("?Email", email));
parameters.Add(new OdbcParameter("?Password", password));
string sql = "SELECT * FROM Members WHERE Email=? and Password=?";