SqlConnection connection = new SqlConnection(Program.C);
connection.Open();
string cmdText = "Update table1 set rate=@rate,qty=@qty,total=@total where id=@id";
SqlCommand command = new SqlCommand(cmdText, connection);
command.Parameters.AddWithValue("rate", rate);
command.Parameters.AddWithValue("qty", qty);
command.Parameters.AddWithValue("total", total);
command.Parameters.AddWithValue("id", id);
command.ExecuteNonQuery();
connection.Close();