use parameter
SqlCommand cmd = new SqlCommand("select * from tblCategories where CategoryName=@CategoryName", con);
cmd.Parameters.AddWithValue("@CategoryName", Request.QueryString["CategoryName"]);
Or in your inline parameter specify it as string, by using
''
SqlCommand cmd = new SqlCommand("select * from tblCategories where CategoryName='" + Request.QueryString["CategoryName"]+"'", con);
but Parameterized sql query is more safe and it will protect your application from sql injection attacks.