Change your query to:
sql = "Update Tb_SCH_Faculty_Details set Course_Duration= '" + textbox2.Text +
"',Allocated_Hours = '" + textbox3 .Text + "' where Cmn_Minor_Code = '" + txt_coursecode.Text + "'";
which will cure your immediate problem, but please, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.