Firstly, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - just like you do in the WHERE clause.
Secondly, try:
WHERE [Image] IS NOT NULL AND [Image]=@Image
("Image" is an SQL datatype, and thus a keyword: you need to use brackets round it to use it as a column name.)