That won't work with a parameterized query like you're doing -- the single quotes will be escaped and the SQL sent to the server will not be valid. That pattern is used to avoid SQL injection attacks.
You would be better off creating a complete form with all the fields you want and passing the individual fields to your SQL statement. Create a separate TextBox for each field you want to insert into your Names table. In my example below, I have named them emailTextBox, yearTextBox, firstnameTextBox, lastnameTextBox, nameTextBox, and usernameTextBox.
Also, although I am providing a very basic example, you should probably validate each field before you actually send the data to the database. You should validate to ensure required fields have values as well as for format -- email for example has a very specific format, and year should probably be a number. For more information on validation, see the following:
http://msdn.microsoft.com/en-us/library/7kh55542.aspx
Example:
var qry = "Insert into dbo.Names (Email,Year,FirstName,LastName,Name,Username) " +
"VALUES (@email, @year, @firstname, @lastname, @name, @username)";
var cmd = new SqlCommand(qry);
cmd.Parameters.AddWithValue("@email", emailTextBox.Text);
cmd.Parameters.AddWithValue("@year", yearTextBox.Text);
cmd.Parameters.AddWithValue("@firstname", firstnameTextBox.Text);
cmd.Parameters.AddWithValue("@lastname", lastnameTextBox.Text);
cmd.Parameters.AddWithValue("@name", nameTextBox.Text);
cmd.Parameters.AddWithValue("@username", usernameTextBox.Text);