cmd = new SqlCommand("insert into login values('"+TextBox1.Text+"','"+TextBox3.Text+"'", con);
At least there is no ')'. Try something like this:
cmd = new SqlCommand("insert into login values(@val1, @val2)", con);
cmd.Parameters.AddWithValue("@val1", TextBox1.Text);
cmd.Parameters.AddWithValue("@val2", TextBox3.Text);