Note: use parameterized query/ stored procedure instead of inline query to avoid SQL Injection.
Just add with
AND at the last like
WHERE DocketNo ='" + strDocketNo + "' AND FromSTN =@Branch";
Now your code snippet should look like
string strUpdate = "Update CreateDocket set BranchCode = '" + strBranchCode + "', Date = '" + strDate + "', PinCode = '" + strPinCode + "', [To] = '" + strTo + "', ConrCode = '" + strConrCode + "', Consignee = '" + strConsignee + "', PKTS = '" + strPKTS + "',ActWt = '" + strActWt + "',ChargeWt = '" + strChargeWt + "', GrandTotal = '" + strGrandTotal + "', GoodsType = '" + strGoodsType + "', CODamount = '" + strCODamount + "', Basis = '" + strBasis + "', Mode = '" + strMode + "',ChallanNo = '" + strChallanNo + "',VehicleNo = '" + strVehicleNo + "',ChallanDate = '" + strChallanDate + "',Description = '" + strDescription + "', RChallanDate = '" + strRChallanDate + "', FromHub='" + strFromHub + "', ToHub='" + strToHub + "', Remarks='" + strRemarks + "' , Received2 = 'True' WHERE DocketNo ='" + strDocketNo + "' AND FromSTN =@Branch";
strSql.Append(strUpdate);
then add value to the parameter
command.Parameters.Add(new SqlParameter("Branch", YourValue));
In case this doesn't help, please let me know :)