As Wes says - it's pretty obvious! But please, please, don't do it that way! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:
SqlCommand cmd = new SqlCommand();
cmd.Connection = cn;
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT * FROM " + TableName + " WHERE SupplierName=@SN";
cmd.Parameters.AddWithValue("@SN", txtSupplierName.Text);