Look at your update query:
"UPDATE LOGIN set CPoints= tt where U_name = '"+txtusername.Text+"' "
The value you are trying to set it to is fixed: "tt" and SQL does not see that as a string (because it does not have quotes around it) so it is trying to find it as a variable or columns name. It cant. so it assumes it is a paramater value which you have not defined. Looking at your code, I suspect that you want the value in the variable
rather than the variable name here.
But don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.