Why did you choose to concatenate the user entered text into the SQL Command Text, when you have a
Parameter set up? Do you realize that this opens you up to
SQL Injection, which has been documented for over 20 years and is still the number 1 application vulnerability?
To fix this and to shortcut your process of adding in the parameter; try this out
cmd.CommandText = "update membermaster set VerifyPAN =1 where appmstregno=@AppMstRegNo";
cmd.Parameters.AddWithValue("@AppMstRegNo", row.Cells[1].Text);
A second suggestion would be to actually do something with that
Catch
block- perhaps define a variable with the exception and log that or something else to allow debugging to view the exception.
As for your problem at hand, if it is still occurring with; this is going to be more of a debugging issue to see what values are coming into this block of code and seeing if they are what you expect. And if they are correct, why isn't the database finding the desired record?