Ah. Oh dear...
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And there is your problem: what you save to the db is the name of the file rather than the file itself - so when you read it back, you have to then access the file to get at the image - which is complicated, because an IMAGE datatype is a binary array of data, and doesn't convert nicely to a string, so you can't easily use it to re-open the file.
Either store the image data in the DB (Why do I get a "Parameter is not valid." exception when I read an image from my database? explains how) or store the whole path to the file in a NVARCHAR column instead.
And BTW: don't store all your images in the root of your website: it makes it a lot harder for you to find things later. Use a folder structure instead, just as you would on your own HDD.
And a caution for you: since you store uploaded files, what happens when two users upload files with the same name? Oops....
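
An added illustration of the points in the answer above (parameterised query, image bytes stored in the database, no clash between identical upload names); it is not the answerer's code. It uses Python's sqlite3 with an in-memory database so it runs stand-alone, and the table, column and function names are assumptions.

```python
import os
import sqlite3
import uuid

def open_db():
    # Constructed schema: names are assumptions, not from the original post
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (stored_name TEXT PRIMARY KEY, "
               "original_name TEXT, data BLOB)")
    return db

def save_name_concat(db, original_name):
    # Weak form: the uploaded name is spliced into the SQL text itself
    db.execute("INSERT INTO images (stored_name, original_name) VALUES ('"
               + original_name + "', '" + original_name + "')")

def save_image(db, original_name, data):
    # Only the extension is taken from the client name; the key is server-generated,
    # so two uploads called the same thing can never overwrite each other
    ext = os.path.splitext(os.path.basename(original_name))[1].lower()
    stored_name = uuid.uuid4().hex + ext
    # Placeholders keep the values out of the SQL text; the bytes go in as a BLOB
    db.execute("INSERT INTO images (stored_name, original_name, data) VALUES (?, ?, ?)",
               (stored_name, original_name, data))
    return stored_name

def load_image(db, stored_name):
    row = db.execute("SELECT data FROM images WHERE stored_name = ?",
                     (stored_name,)).fetchone()
    return None if row is None else bytes(row[0])

if __name__ == "__main__":
    db = open_db()
    picture = b"\x89PNG\r\n\x1a\n" + bytes(16)   # constructed sample bytes
    try:
        save_name_concat(db, "O'Brien.png")      # an innocent apostrophe breaks it
    except sqlite3.OperationalError as err:
        print("concatenated SQL failed:", err)
    first = save_image(db, "O'Brien.png", picture)
    second = save_image(db, "O'Brien.png", picture + b"\x01")
    print(first != second, load_image(db, first) == picture)
```

The same placeholder pattern applies to any database driver that supports bound parameters.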