Good grief!
A good selection of poor and dangerous practices there!
1) Don't save your database in the application folder - you will often (and increasingly) need admin permissions to write to such folders. in addition, such folders are a lot less likely yo be included on a regular backup schedule. Store it in a place intended for such data:
Where should I store my data?[
^]
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
3) It is bad practice to return database entries you don't need - it wastes memory and bandwidth, and can waste time depending on the data content. Specify your fields at all times!
And to add to this, why are you returning any rows at all? All you want to know is "does this record exist?" so why not return the count of existing rows instead?
cmd = new SqlCeCommand("SELECT COUNT(PalletNo) FROM Scan WHERE PalletNo = @PN", cn)
cmd.Parameters.AddWithValue("@PN", txtPallet.Text)
If (cmd.ExecuteScalar = 0) Then
Else
End If