Please, learn what you are doing.
You have found some code on the internet, and copied some of it into your code without thinking about how it's supposed to work. You've then added some code to try and make it work differently.
That's not valid SQL, it's vulnerable to SQL Injection where your user can damage or delete your database, it's missing all the parameter values, and it's clear you don't know what you are doing.
The basic SQL you want to insert a row is like this:
INSERT INTO MyTableName (firstColumnNameToInsertInto, secondColumnNameToInsertInto, ...) VALUES (valueToInserttoColumn1, valueToInsertToColumn2, ...)
But you are then mixing parameters (which you don't provide) with string concatenation - and the concatenation is a big problem:
string sql = "INSERT INTO MyTable (MyColumn) VALUES ('" + myTextBox.Text + "')";
That's string concatenation, and it gives total control of you DB to your user - just by typing in the text box he can do anything he likes.
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
But when you do use parameterised queries:
string sql = "INSERT INTO MyTable (MyColumn) VALUES (@MyValue)";
You have to supply the parameter value:
int myValueForTheColumn = 666;
string sql = "INSERT INTO MyTable (MyColumn) VALUES (@MyValue)";
SqlCommand cmd = new SqlCommand(sql, connection);
cmd.Parameters.AddWithValue("@MyValue", myValueForTheColumn);
Think about that lot, and see if you can work out what code you need to use to get this to work - it's not difficult!
Let me know how you get on.