First of all, why on earth would you still be using query strings like this? You should have preset stored procedures. 1. They're faster because SQL Server would have their execution plans ready and 2. are not insecure like
Johnny Tables[
^].
Also, go the extra mile and specify the records you want rather than use "*"; "*" forces the DB to do a lookup prior to bringing out the field names, it has to list it for itself.
And finally, how can you debug your code 2 minutes after writing that jumble?!! I can barely read it. Trust me, put some order in your life, spaces, tabs and new lines are super cheap but they make for infinitely readable code.
One other note, when reading data from a textbox, unless its masked, I'd suggest you use .trim() on the data, this way you can make sure you've removed any preceding or trailing spaces.
Your Update statement seems fine, again take in to account the points I have mentioned above.
Why are you checking for the number of records affected?
Also, the serial number is unaffected, what are you trying to achieve?
I really want to help, I just don't understand exactly what you need.