NEVER, NEVER, NEVER use string concatenation to build an SQL query. You open yourself up to SQL Injection attacks. Google for "SQL Injection Attack" to find out why what you did is so bad.
This is bad:
var sql = "INSERT INTO RentalMoviesDatabase.dbo.Movie VALUES ('" + values[0] + "','" + values[1] + "','" + values[2] + "','" + values[3] + "', '" + values[4] + "','" + values[5] + "','" + values[6] + "','" + values[7] + "')";
ALWAYS use parameters to pass in your values. Google for "C# sql paramaterized queries".