A few problems with the code; a vulnerability, your actual problem, an inefficiency, and some notes/suggestions for you.
1. Concatenated strings should never be used, this is a SQL Injection vulnerability; it's been known for over 20 years now and is unacceptable. Use SqlParamaters to add the values to the command object.
2. Items in the SET list should be separated with a comma(,)- not an ampsersand (&).
3. The SqlDataAdapter is designed for working with data retrieval, and has an overhead to it which is not needed for this application. All you need to run this is a SqlCommand object.
4. ExecuteNonQuery returns an Int32 to let you know how many rows were affected. You can use this to verify the query was run as expected. I threw it into your message box.
5. You should be using try/catch blocks which I added in. Ideally this should all be wrapped in a
using
block to properly dispose of the resources.
enuff of that... here is the code rewrite that I did
using (SqlConnection con = new SqlConnection(connectionsting)) {
try {
string query = "UPDATE Emp2 SET DateOut = @Dateout, TimeOut = @Timeout WHERE No = @No";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@Dateout", textBox11.Text);
cmd.Parameters.AddWithValue("@Timeout", textBox5.Text);
cmd.Parameters.AddWithValue("@No", textBox1.Text);
con.Open();
int RowsAffected = cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show(string.Format("UPDATE SUCCESS! {0} rows were updated". RowsAffected));
}
catch (Exception ex) {
}
}