Don't use ExecuteReader with a UPDATE Query - use ExecuteNonQuery instead. It will return an integer value, which is the number of records affected. You can check this, and decide if there were any changes.
And do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
"i preferred this queries because in my college they teached this kind of queries.... now what kind of queries i have to use in project for safety.... if u suggest i will start to learn.... if u dont mind can u tell.. what i have to do....? to develop secured PROJECT(application)..."
cmd = new SqlCommand("UPDATE purchase SET om=@OM, address=@AD, phone=@PH, baled=@BE, paid=@PD, status=@ST, balance=@BL where cm=@CM", UGIcon);
int updated = cmd.ExecuteNonQuery();
if (updated == 0)
MessageBox.Show("No records were updated");
MessageBox.Show("Details has been updated sucessfully", "Update Window", MessageBoxButtons.OK, MessageBoxIcon.Information);
Depending on the values in your tables, you should check and convert your values to the appropriate datatypes (to prevent the user typing an alpha into a numeric field, and so on - but you should check all that at the top of your method anyway and not get this far if there is a problem.)
If your college doesn't teach you about SQL injection attacks, then you have a pretty poor lecturer. (And I would not suggest that you try to see what happens if you try one on his code - you might get expelled if you "accidentally" delete his tables...)