I do not know for SQL, but in C # it does not make sense. Since the row is immutable, you cannot redefine data, even if you try your best.
When you write
cardnumber = "11111111111111111111";
It just creates another line in memory, but the old card number is still here, somewhere in memory.
And when you write
cardnumber = null;
This plays out the previously created line, and now you have a cardnumber link pointing to nothing. But your line containing the real card number is still here. Thus, this code is not only erroneous, but also dangerous because it gives a false sense of security.
See what MSDN said on the SecureString page, which George Duckett shares in the comments:
An instance of the System.String class is immutable and, when not longer, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after its creation and it is impossible to predict when the instance will be deleted from the computer's memory. Therefore, if the String object contains sensitive information, such as password, credit card number, or personal data, there is a risk that the information may be detected after using it because your application cannot delete data from the computer's memory.
Further readings: