Your code is totally wrong.There may be SQL attack in your query.Beware.
May be following snippet help you.
protected void Button3_Click(object sender, EventArgs e)
{
string EmpNo = TextBox1.Text;
string EmpName = TextBox2.Text;
string Designation = DropDownList1.SelectedItem.Text;
string Department = DropDownList2.SelectedItem.Text;
decimal Salary = Convert.ToDecimal(TextBox3.Text);
if (!string.IsNullOrEmpty(Request.QueryString["EmpNo"]))
{
EmpNo = Request.QueryString["EmpNo"].ToString();
SqlConnection con = new SqlConnection("Server=TCT-SW24;uid=sa;password=******; database=sreeramdasari;");
String query = string.Empty;
query = string.Format(("Update EmployeeDetails set EmpName=@EmpName, Designation=@Designation,Department=@Department,Salary=@Salary where EmpNo=@EmpNo"), con);
SqlCommand cmd = new SqlCommand(query, con);
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@EmpNo", EmpNo);
cmd.Parameters.AddWithValue("@EmpName", EmpName);
cmd.Parameters.AddWithValue("@Designation", Designation);
cmd.Parameters.AddWithValue("@Department", Department);
cmd.Parameters.AddWithValue("@Salary", Salary);
cmd.Connection = con;
con.Open();
cmd.ExecuteNonQuery();
Label6.Text = (" Record Updated Successfully");
Label6.Enabled = true;
TextBox1.Enabled = false;
con.Close();
}
}