As I mentioned earlier, look like the code is missing a WHERE clause (WHERE Client_ID = txtID.Text). Right now, the query will update all the records in the database with the same information. Unless there only one record in the table, which I doubt it.
cmd.CommandText = "update MedicalRegistration set Date_Registered = '"
+ dtpDate.Text + "', Date_of_Released = '" + dateTimePicker1.Text + "', Client_Name = '"
+ txtClient.Text + "', BirthDate = '" + dtpBday.Text + "', Age = '" + txtAge.Text + "', Gender = '"
+ cbGender.Text + "', Civil_Status = '" + cbStatus.Text + "', Address = '" + txtAddress.Text + "', Cellphone_Number = '"
+ mtxtCell.Text + "', Telephone_Number = '" + mtxtTell.Text + "', Religion = '" + txtReligion.Text + "', Place_of_Birth = '"
+ txtPOB.Text + "', Primary_Education = '" + txtPrimary.Text + "', Secondary_Education = '" + txtSec.Text + "', Tertiary_Education = '"
+ txtTertiary.Text + "', Final_Diagnosis = '" + txtFinalDiagnosis.Text + "', Amount = '" + txtAmount.Text + "', Claimant_Name = '"
+ txtClaimant.Text + "' WHERE Client_ID=" + txtID.Text;
Once you get everything straighten up, try use Parameterized Query in the code to minimize SQL injection possibility.
Building Dynamic SQL In a Stored Procedure[
^]
How to: Execute a Parameterized Query[
^]
Here is an example on how the Cross-Site Scripting and SQL Injection vulnerabilities come into a nightmare.
SQL Injection and Cross-Site Scripting[
^]