Simple: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
At the moment, you are wide open to anyone who has access to you site: they can type in any one of your text boxes, and delete your database.
And the concatenation also causes your problem, because
GridView1.Rows[i].Cells[2].ToString()
returns the name of the control, "System.Web.UI.WebControls.DataControlFieldCell" rather than it's content. If you use a parameterised query, you can pass the cell value through directly without converting it to a string first.