First off, don't do it like that: use a parametrized query instead:
SqlDataAdapter da=new SqlDataAdapter ("select productImage from companyCategory where productCategoryID=@PC", con);
da.SelectCommand.Parameters.AddWithValue("@PC", txtCode.Text.Trim());
The way you are working leaves you wide open to SQL injection attacks which can accidentally or deliberately destroy your database.
Secondly, check your table contains data - what happens if the user types the name wrong? Bang! "Object not set to an instance..." error and your code falls over. Blindly using "[0][0]" without checking is a stupid, pointless waste of user time.
Thirdly, check you data coming back from the DB - Since I don't know what your table looks like, I can't be sure, but there is a good chance that dt.Rows[0][0].ToString() is returning a datatype name, rather than a file name.
Finally, beware of relative paths! If your page is not in your root, (and it probably shouldn't be) then you need to look at prefixing your path with "~/" to specify exactly the path to your folders.