One more thing you need to fix: Always use parameters in your SQL statements instead of concatenating text directly to you SQL text. This helps you to handle different data type conversions etc but most importantly, it keeps you safe from SQL injections
For example your update currently looks like
CN.Open();
SqlStr = "Update Student set ";
SqlStr = SqlStr + " Name='"+TxtName.Text+"' , ";
SqlStr = SqlStr + " Director='" + TxtDirector.Text + "' , ";
SqlStr = SqlStr + " Year='" + TxtYear.Text + "' , ";
SqlStr = SqlStr + " Type='" + TxtType. Text + "' , ";
SqlStr = SqlStr + " where Id_Movies='" + TxtID.Text + "' ";
SqlCmd = new SqlCommand(SqlStr, CN);
SqlCmd.ExecuteNonQuery();
MessageBox.Show("Edited successfully.");
Clear();
As said you should use parameters so the code should be something like
CN.Open();
SqlStr = @"UPDATE Student
SET Name = @name,
Director = @director,
Year = @year,
Type = @type,
WHERE Id_Movies = @id";
SqlCmd = new SqlCommand(SqlStr, CN);
SqlCmd.Parameters.AddWithValue("@name", TxtName.Text);
SqlCmd.Parameters.AddWithValue("@director", TxtDirector.Text);
SqlCmd.Parameters.AddWithValue("@year", TxtYear.Text);
SqlCmd.Parameters.AddWithValue("@type", TxtType. Text);
SqlCmd.Parameters.AddWithValue("@id", TxtID.Text);
SqlCmd.ExecuteNonQuery();
MessageBox.Show("Edited successfully.");
Clear();
Of course it would make sense to first check that the inputs in the text boxes are valid. FOr example TxtID being numeric if that is the type of the field and so on.
For more information about parameters, see
SqlParameter[
^]