Never, ever construct a SQL statement by concatenating strings obtained from user inputs. This leaves your code wide open to SQL injection attacks.
Better user
parameterized queries instead.
Something like:
string query = "UPDATE ClientMaster SET SubGroupName = @subGroupName, FirstName = @firstName, FirstAge = @firstAge, FirstPAN = @firstPAN, FatherHusbandName = @fatherHusbandName, Address1 = @address1, Area = @area, City = @city, PinCode = @pinCode, Mobile = @mobile, DPName = @dpName, DematNo = @dematNo, BankName = @bankName, BranchName = @branchName WHERE Id = @id";
using (SqlConnection connection = )
using (SqlCommand command = new SqlCommand(query, connection))
{
connection.Open();
command.Parameters.AddWithValue("@subGroupName", currentSelectedItem.Subgroup_Name);
command.Parameters.AddWithValue();
return command.ExecuteNonQuery();
}