Couple of things:
Firstly, an SQL query needs more than just the data you want to insert, or update - it needs to know what you want to do with it, where it is to go, and so forth.
SqlCommand cmd = new SqlCommand("INSERT INTO myTable (myColumn1, myColumn2) VALUES ('data for column1', 'data for column2')");
The syntax for an UPDATE query is similar, but look here for details: w3Schools
Secondly, you need to specify the connection before you execute the query, either by using the SqlCommand constructor overload that has an SqlConnection parameter, or by setting the Connection parameter of the SqlCommand.
Thirdly, doing it that was is extremely dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.