You're mixing parameters and literals and this is causing confusion for you. Use parameters and only parameters in your statements. Every time you start writing something like
..." + ...
into an SQL statement you're most likely on the wrong track.
So the update should look something like
SqlCommand cmd2 = new SqlCommand(
@"update sales
set empnames=@empnames,
categories=@categories,
weight=@weight,
per=@per,
wastage=@wastage,
customer=@customer,
party=@party
where date=@date ", con2);
cmd2.Parameters.AddWithValue("@empnames", comboBox1.Text);
cmd2.Parameters.AddWithValue("@categories", Convert.ToString(rows.Cells[1].Value));
cmd2.Parameters.AddWithValue("@weight", Convert.ToString((rows.Cells[2].Value)));
cmd2.Parameters.AddWithValue("@per", Convert.ToDouble(rows.Cells[3].Value));
cmd2.Parameters.AddWithValue("@wastage", Convert.ToString((rows.Cells[4].Value)));
cmd2.Parameters.AddWithValue("@customer", Convert.ToDouble(rows.Cells[5].Value));
cmd2.Parameters.AddWithValue("@party", Convert.ToString((rows.Cells[6].Value)));
cmd2.Parameters.AddWithValue("@date", Convert.ToDouble(rows.Cells[0].Value));
cmd2.ExecuteNonQuery();
But it doesn't stop there, you should fix all the statements to use parameters.
Also you should
- Open a connection only once inside a single method. Why repeatedly open it?
- Use using blocks to ensure that objects are disposed correctly.
- Use try..catch blocks to properly handle exceptions.
I suggest reading through
Properly executing database operations[
^]