It's probably your input on the form.
You can try this sample below. Insert any new parameters you like, as I included only a few to make it short. It will also make your code more protected against SQL injection. (Note: I only assumed your SQL data types and length, you may change it as well as needed.)
private string updateEmployees(int ID_Emp)
{
// Create Instance of Connection and Command Object
SqlConnection myConnection = new SqlConnection("Your Connection String Goes Here");
SqlCommand myCommand = new SqlCommand();
try
{
// The Command
myCommand.Connection = myConnection;
myCommand.CommandType = CommandType.Text;
myCommand.CommandText = "UPDATE TBL_Employees Set FName=@FName, LName=@LName where ID_Emp=@ID_Emp";
SqlParameter myPara;
// Add Parameters
myPara = new SqlParameter("@ID_Emp", SqlDbType.Int, 8);
myPara.Value = ID_Emp;
myCommand.Parameters.Add(myPara);
myPara = new SqlParameter("@FName", SqlDbType.Char, 50);
myPara.Value = txtFName.Text;
myCommand.Parameters.Add(myPara);
myPara = new SqlParameter("@LName", SqlDbType.Char, 50);
myPara.Value = txtLName.Text;
myCommand.Parameters.Add(myPara);
myConnection.Open();
myCommand.ExecuteNonQuery();
return "Modified successfully";
}
catch (Exception ex)
{
//LOg Exception
return "Failed to Modify";
}
finally
{
if (myConnection.State != ConnectionState.Closed)
{
myConnection.Close();
myCommand.Dispose();
myConnection.Dispose();
}
}
}