Your update statement is incorrect, see below.
Also, concatenating string values is a dangerous way to run a query. You are leaving yourself open to
Sql injection[
^]. Use
parameterized queries[
^] instead.
SqlCommand insertingbill = new SqlCommand();
insertingbill.CommandText = "Update customerdetails set bill =@bill where contactnumber=@contactNumber";
insertingbill.Parameters.AddWithValue("@contactNumber",textBox2.Text);
insertingbill.Parameters.AddWithValue("@bill",label9.Text);
insertingbill.Connection = con;
insertingbill.ExecuteNonQuery();