Use a parametrized query (you should be anyway to avoid SQL Injection attacks). This code inserts the Thumbnail image as a byte array:
using (SqlConnection con = new SqlConnection(GenericData.DBConnection))
{
con.Open();
byte[] bytes = Thumbnail.ToByteArray()
using (SqlCommand cmd = new SqlCommand("INSERT INTO Images (Id, Location, Thumbnail) VALUES (@ID, @DS, @TN)", con))
{
cmd.Parameters.AddWithValue("@ID", Id);
cmd.Parameters.AddWithValue("@DS", Location);
cmd.Parameters.AddWithValue("@TN", bytes);
cmd.ExecuteNonQuery();
}
}</pre>