You should be using parameterized queries to handle this. What you currently have leaves you susceptible to SQL injection.
You want to do something like this:
cmd = new SqlCommand("INSERT INTO Login(Username,Password,Phone_No) VALUES (@UserName,@Password,@Phone_No)",con);
cmd.Parameters.AddWithValue("@UserName",textBox1.Text);
cmd.Parameters.AddWithValue("@Password",textBox2.Text);
cmd.Parameters.AddWithValue("@Phone_No",textBox3.Text);
cmd. ExecuteNonQuery();