One error that I can see is the update SQL statement is not completed. You missed the last single quote.
string str = "update tbl_OpdClaim set Balance =" + txtbalance.Text + " ,status='" + txtstatus.Text + "' where userid='" + _sr.ToString() + "'" ;
General comment:
You started as good approach which is parameterized query and you mixed with SQL statement which is bad.As Christian Graus said you might be exposed to
SQL Injection[
^].