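Why we use a parametric (parameterized) SQL query instead of a simple concatenated one:
with concatenation the value becomes part of the SQL text, so a quote character in the input can change the statement (SQL injection); with a parameter the value is sent separately and is only ever treated as data.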
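// Sample value; stands in for a value that may come from user input and must be treated as untrusted.
string CustomerName = "Anderson";

// Simple (concatenated) MSSQL query -- kept for comparison only, do not execute it.
// CustomerName is pasted into the SQL text itself, so a quote character in the value
// ends the string literal and whatever follows is parsed as SQL (SQL injection).
string unsafeQr = "SELECT CustomerCode FROM accounts WHERE CustomerName = '" + CustomerName + "' ";

// Parametric MSSQL query.
// The SQL text is a constant; the value travels separately as a parameter and is
// bound as data, so it can never change the structure of the statement.
List<SqlParameter> param = new List<SqlParameter>();
// Optionally set SqlDbType and Size to match the column instead of letting the type be inferred from the value.
param.Add(new SqlParameter() { ParameterName = "@AccountName", Value = CustomerName });
string qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = @AccountName ";
// NOTE(review): param still has to be attached to the SqlCommand that runs qr
// (e.g. command.Parameters.AddRange(param.ToArray())); that code is not shown here.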