Try this code. You should check if the filename has a value and contains '.'
sImageFileExtension = ImageName.Contains('.') ? imageName.Substring(ImageName.LastIndexOf('.')) : "";
Also, you should not use that kind of approach on inserting or doing sql transaction. If someone put something like this
'; drop table User; --
on your TextBoxEmail.Text.
The resulting query will be
Select * FROM [User] where Email=''; drop table User; --'
Then you're doomed!
Good luck!