I'm going to make a couple of comments.

1. Concatenating text to create a SQL Statement in the application leaves your application vulnerable to SQL Injection. You should search for SQL Injection and code to avoid it.

2. In your UPDATE statement you need to do "SET column = " and I don't see any "=" signs in the UPDATE.

3. You also need to make sure you are wrapping string values in single-quotes so your code should be like this:

SQL = "Update table SET column = '" & control.Text & "' WHERE ID=" & IDControl.Text

I'm assuming the ID column is a numeric column.