Your string values must be quoted as you have it set up to do, but the = sign only works for one value, not multiple.
You need an IN instead, and you need a little function to wrap the strings in quotes.
Something like this. (look up replace syntax, you want to replace commas with quote comma quote)
AND names in ('" & Replace(Request.QueryString("names"),",","','") & "')"
I'm assuming names has values that are comma-separated.
Do be careful with the possibility of the names having apostrophes in them. That kills straight sql like this. You may want to do an additional replace of a single quote with two single quotes or whatever your database uses as an escape character.
And not checking the query string for sql injection attacks is begging for trouble.