you have {0} and {1} in your string format but you not have given values for those.
like below you have to give parameters for each item you have.
string test = string.Format("A={0}, B ={1}", AValue, BValue);
you have given connection object in wrong place, check below sample code:
string updateSql = "UPDATE Employees " + "SET LastName = @LastName " + "WHERE FirstName = @FirstName";
SqlCommand UpdateCmd = new SqlCommand(updateSql, thisConnection);
// 2. Map Parameters
UpdateCmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 10, "FirstName");
UpdateCmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 20, "LastName");
UpdateCmd.Parameters["@FirstName"].Value = "Wade";
UpdateCmd.Parameters["@LastName"].Value = "Harvey";
UpdateCmd.ExecuteNonQuery();
better to use sql parameters than using string format, you can avoid sql injection attacks