As you don't say what kind of error you get I assume that this part is causing you problems.
where userid = userid "
You are inserting the literal string "userid", not the value of the variable
userid
.
string sqlCommand = string.Format(@"UPDATE
userid, password, role, first_name, last_name, user_group, user_level, active
FROM aster_users
SET password=@password, role=@role, first_name=@first_name, last_name=@last_name,
user_level=@user_level, user_group=@user_group, active=@active
WHERE userid = '{0}';", userid);
Debug.WriteLine(sqlCommand);
MySqlCommand cmd = new MySqlCommand(sqlCommand, con);
It is not dangerous to split a long code chunk into smaller parts. Doing so makes it easier to debug the code.
Personally I find it easier to read an SQL string if I use capital letters for the SQL pre-defined words. This is just my personal taste and there are many opinions about this.