private void UpdateRecords(StringCollection sc)
{
SqlConnection conn = new SqlConnection(connectionString);
TextBox box3 = (TextBox)GridView2.Rows[rowIndex].Cells[3].FindControl("TextBox3");
TextBox box4 = (TextBox)GridView2.Rows[rowIndex].Cells[4].FindControl("TextBox4");
string sqlStatement = "UPDATE SampleTable SET Intime2='" + box3.Text +"', Outtime2='"+ box4.Text +"' WHERE ";
try
{
conn.Open();
SqlCommand cmd = new SqlCommand(sqlStatement, conn);
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
Page.ClientScript.RegisterClientScriptBlock(typeof(Page), "Script", "alert('Records Successfuly Saved!');", true);
}
catch (System.Data.SqlClient.SqlException ex)
{
}
finally
{
conn.Close();
}
}
Also, you might want to set the SQL parameters by passing them using the SQLParameters for more security.