Looking at your code - you are using Sql which is expecting you to use a parameterised query (as far as I can tell). In your particular case here, using hardcoded values, you should be using SqlStatement instead. As others point out though, you should be looking at a parameterised statement, you probably want something like this
m_pStmt->Sql("UPDATE Materiali SET mat_desc = @desc WHERE mat_codart =@codart");
m_pStmt->BindString(1, "lllllll");
m_pStmt->BindString(2, " 020 100/5");
m_pStmt->ExecuteAndFree();
Note that we have to execute the statement for it to take effect. If you don't execute it, you've just written a SQL statement that does nothing.