That error means that the string you're trying to convert is not an integer. Try to use int.TryParse

int newbal;

if(int.TryParse(txtQtyOrdered.Text, out newbal))
    newbal = newbal - Qty;

the same with other texts you are trying to convert

... and add space before " AND which will generate next error

I think you need to debug your code. During debugging copy your query from "com.CommandText" and paste in SQL Server you find the error

There is only a query error nothing else... May be txtQtyOrdered value is not integer, there is also need blank space "AND ItemID=" to " AND ItemID="

Thanks,

Taha

You need to put a space before your "AND" and that you are trying to convert a string to an integer that isn't an integer.

First - You are missing a space before "AND"

1. You should try to parse the values before the update statement.
2. You should decide what you want to do in case the input from the textbox wasn't in the correct format rather then just get an exception when you try to update.
3. This isn't the right way to format strings, You should use string.Format

you can sometimes run into this problem when you have multiple parameters and are using Oracle or DB2 databases. They dont's support named parameters or it's not turned on.

Oracle:

    Dim cmd As OracleCommand = DirectCast(connection.CreateCommand, OracleCommand)
    cmd.BindByName = True

Make sure you parameters are added to the command object in the same order as the sql statement

I'd recommend making changes according to the following code review suggestions based on the code (listed in order of value (cost/benefit of "fixing")):

1. This method, which is accessing a database should not be reading controls to get its values. Instead there should be an event handler, such as a button click, that parses the values of other controls, using TryParse, as gregjer answered. By segregating the UI and Data code, the data access layer is easier to test and by parsing at the surface (the UI layer) exceptions dealing with bad user input will be caught as soon as possible.
2. Dynamic SQL via strings in the database or in the data access layer w/i .NET is open to SQL injection. You are resolving that issue by parsing the text, so awesome job by you. BUT, this was already handled by the .NET team by providing parameterized commands. Refer to the MSDN SqlCommand.Parameters or see here for a brief, including how a consuming developer groks this topic: When should "SqlDbType" and "size" be used when adding SqlCommand Parameters?
3. Variable naming. Instead of Qty, standard .NET naming conventions would call for quantity, camelCased since it is a parameter and the full human language name, not a shorthand or abbreviation, especially for publicly visible bits. IntelliSense makes long variable names not a problem. Since .NET is unwieldy using just Notepad, it should be assumed that other developers are using an IDE such as VisualStudio or SharpDevelop, so use meaningful names.
4. Stored procedures should be used. Every time this SQL is executed, SQL Server needs to check its command cache minimally, but if the command has been flushed from cache, the SQL command needs to be interpreted and encached (put into cache). This as well as the fact that using a stored procedure requires "shipping" less bytes on every call to the database.