You create parameters and add them to the SQLCommand object:
SqlCommand cmd2 = new SqlCommand("update stkdetails set customer=customer+@customer where empname='" + rows.Cells[2].Value + "'and date='" + txtdate.Text + "'", con2);
cmd2.Parameters.AddWithValue("@customer", rows.Cells[7].Value);
I would also
strongly suggest you set up parameters for @empname and @date at the same time.
SqlCommand cmd2 = new SqlCommand("update stkdetails set customer=customer+@customer where empname=@empname and date=@date", con2);
cmd2.Parameters.AddWithValue("@customer", rows.Cells[7].Value);
cmd2.Parameters.AddWithValue("@empname", rows.Cells[2].Value);
cmd2.Parameters.AddWithValue("@date", txtDate.Text);