Why we use a parametric (parameterized) SQL query instead of a simple one.
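// Compares two ways of building the same lookup query for SQL Server.
string CustomerName = "Anderson";

// Simple MSSQL Query: the value is concatenated into the SQL text, so the
// server parses it as part of the statement itself. If CustomerName ever comes
// from user input, a value containing a quote character changes the structure
// of the query (SQL injection). Shown for comparison only; do not execute it.
string simpleQr = "SELECT CustomerCode FROM accounts WHERE CustomerName = '" + CustomerName + "' ";

// Parametric MSSQL Query: the SQL text is a constant and the value travels
// separately as @AccountName, so the server always treats it as data and never
// as SQL syntax, whatever characters it contains.
List<SqlParameter> param = new List<SqlParameter>();
param.Add(new SqlParameter() { ParameterName = "@AccountName", Value = CustomerName });
string qr = "SELECT CustomerCode FROM accounts WHERE CustomerName = @AccountName ";

// NOTE: the entries in `param` only take effect once they are attached to the
// command that runs `qr` (e.g. SqlCommand.Parameters.AddRange(param.ToArray())).
// Setting SqlDbType and Size explicitly to match the column also avoids implicit
// conversions and one cached plan per distinct value length.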