It's recommended to use parameterized queries to avoid SQL injection attacks and to make the code more readable and easier to debug. Some links are provided in the comments above for your reference; here is an example to get you started. It adds only three of the parameters; the remaining ones named in the statement are added the same way.
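// Parameterized UPDATE: every value travels as a named @parameter and is never
// concatenated into the SQL text, so text typed into the form cannot alter the
// statement itself.
string updatequery = "UPDATE Facultyleave SET Faculty_ID = @FacultyID, LeaveType = @LeaveType, TotalBalance = @TotalBalance, Month = @Month, Days = @Days, LeaveDate = @LeaveDate, LeaveTime = @LeaveTime, EndDate = @EndDate, EndTime = @EndTime, SanctionedLeave = @SanctionedLeave, AvailedLeave = @AvailedLeave, Balance = @Balance, Reason = @Reason WHERE LeaveID = @LeaveID";

// CurrentRow is null when the grid has no current row; guard before reading
// the key so an empty grid does not raise a NullReferenceException.
if (dgvFacultyLeaveList.CurrentRow != null)
{
    // The first cell of the selected row supplies the value for the WHERE clause.
    string leaveId = Convert.ToString(dgvFacultyLeaveList.CurrentRow.Cells[0].Value).Trim();

    // The command is created without a connection: assign cmd.Connection to your
    // open SqlConnection object here unless DatabaseAccess.UpdateData attaches one
    // (its implementation is not visible in this snippet). A string literal is not
    // a valid connection argument.
    using (SqlCommand cmd = new SqlCommand(updatequery))
    {
        // AddWithValue infers the SQL type from the .NET value, so these are all
        // sent as text. For numeric or date columns, parse and validate the input
        // first and prefer cmd.Parameters.Add(name, SqlDbType.<column type>).Value = ...
        cmd.Parameters.AddWithValue("@FacultyID", txtID.Text.Trim());
        cmd.Parameters.AddWithValue("@LeaveType", cboLeaveType.Text.Trim());
        cmd.Parameters.AddWithValue("@LeaveID", leaveId);

        // Still to be added before this can run: @TotalBalance, @Month, @Days,
        // @LeaveDate, @LeaveTime, @EndDate, @EndTime, @SanctionedLeave,
        // @AvailedLeave, @Balance and @Reason. Every placeholder named in the
        // statement needs a matching parameter, or execution fails.

        // Check the outcome here instead of discarding it, so a failed update is
        // reported to the user.
        bool result = DatabaseAccess.UpdateData(cmd);
    }
}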