Probably, it's the username that's giving the problem.
But...you shouldn't do that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
The chances are that fixing that will also solve your other problem, as well as making your code easier to read.
cmd.CommandText = "update onlineUsers set status=@STAT where username=@UN";
cmd.Parameters.AddWithValue("@STAT", "true");
cmd.Parameters.AddWithValue("@UN", txtUsername.Text);
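An added example, not part of the original answer: the same `onlineUsers` update run both ways against a username containing an apostrophe, showing the accidental failure of concatenation and the parameterized form handling the value as data. It uses Python's built-in `sqlite3` in place of the answer's C#/ADO.NET so it runs without a database server; the table layout, sample rows and function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the answer's statement.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE onlineUsers (username TEXT PRIMARY KEY, status TEXT)")
    db.executemany("INSERT INTO onlineUsers VALUES (?, ?)",
                   [("alice", "false"), ("O'Brien", "false")])
    return db


def update_concatenated(db, username):
    # The pattern the answer warns against: input becomes part of the SQL text,
    # so a quote in the value changes how the statement is parsed.
    sql = "update onlineUsers set status='true' where username='" + username + "'"
    try:
        return db.execute(sql).rowcount
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def update_parameterized(db, username):
    # Named parameters, mirroring @STAT and @UN: the SQL text is fixed and the
    # values travel separately, so quotes in the username are plain data.
    cur = db.execute("update onlineUsers set status=:STAT where username=:UN",
                     {"STAT": "true", "UN": username})
    return cur.rowcount


def status_of(db, username):
    row = db.execute("SELECT status FROM onlineUsers WHERE username=?",
                     (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", update_concatenated(db, "O'Brien"))
    print("parameterized:", update_parameterized(db, "O'Brien"), "row updated")
    print("status now   :", status_of(db, "O'Brien"))
```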