mysqli bind_param or add directly into query [duplicate]

Why do people use bind_param instead of adding the content directly into the query?

$query=$sql->prepare("INSERT INTO table (id,column) VALUES (?,?)");
$query->bind_param("is",$VarID,$VarData);
$query->execute();

You can do this in a single line, and it is very simple and easy:

$sql->query("INSERT INTO table (id,column) VALUES ('$VarID','$VarData')");

So why not use the easy way?
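The difference between the two forms, as an added example that is not part of the original question: with interpolation a quote in the data changes the statement itself, while with placeholders the same values are stored verbatim. It assumes PDO with an in-memory SQLite database in place of mysqli and a MySQL server so that it runs offline; the `notes` table, the function names and the sample values are constructed.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server
// (an assumption so this runs offline). Table and column names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER, body TEXT)');

// Constructed sample inputs, as they might arrive from a form field.
$samples = [
    1 => "plain text",
    2 => "O'Brien",                // ordinary data containing a quote
    3 => "x'), (99, 'extra row",   // data shaped like SQL syntax
];

function insertInterpolated(PDO $db, int $id, string $body): string
{
    // The "single line" form: the value becomes part of the SQL text.
    try {
        $db->exec("INSERT INTO notes (id, body) VALUES ('$id', '$body')");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

function insertBound(PDO $db, int $id, string $body): string
{
    // Placeholder form: the SQL text is fixed, the values travel separately.
    $stmt = $db->prepare('INSERT INTO notes (id, body) VALUES (?, ?)');
    $stmt->execute([$id, $body]);
    return 'ok';
}

foreach (['insertInterpolated', 'insertBound'] as $fn) {
    $db->exec('DELETE FROM notes');
    echo "== $fn ==\n";
    foreach ($samples as $id => $body) {
        echo "  id $id: ", $fn($db, $id, $body), "\n";
    }
    // Show what actually ended up in the table after each approach.
    foreach ($db->query('SELECT id, body FROM notes ORDER BY id') as $row) {
        echo "  stored: {$row['id']} => {$row['body']}\n";
    }
}
```

In the interpolated run, sample 2 fails with a syntax error and sample 3 stores a row the caller never asked for; in the bound run, all three values are stored exactly as given.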