If CategoryID in your database is an integer, this won't work:
CategoryID='" + Request.QueryString["ID"] + "'
You won't need the single quotes.
CategoryID=" + Request.QueryString["ID"] + "
But seriously, the way you're building your query is SQL injection waiting to happen:
http://en.wikipedia.org/wiki/SQL_injection
I'd seriously look at parameterizing your queries.
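
The parameterized form of the query discussed above, as an added example that is not part of the original answer. The table name `Products`, its columns, and the `CategoryQuery.Build` helper are assumptions made for illustration; only `CategoryID` and `Request.QueryString["ID"]` come from the post.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CategoryQuery
{
    // Hypothetical table and column list; only CategoryID comes from the post.
    const string Sql =
        "SELECT ProductID, ProductName FROM Products WHERE CategoryID = @CategoryID";

    // rawId is the untrusted value, e.g. Request.QueryString["ID"].
    // Returns null when it is not a valid integer so the caller can reject the request.
    public static SqlCommand Build(string rawId, SqlConnection conn)
    {
        int categoryId;
        if (!int.TryParse(rawId, out categoryId))
            return null;

        var cmd = new SqlCommand(Sql, conn);
        // The value travels as a typed parameter, never as part of the SQL text,
        // so no quoting decision (with or without single quotes) is needed.
        cmd.Parameters.Add("@CategoryID", SqlDbType.Int).Value = categoryId;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs; no connection is opened, the command is only inspected.
        var conn = new SqlConnection();
        foreach (var raw in new[] { "5", "abc", "5 OR 1=1", null })
        {
            using (var cmd = Build(raw, conn))
            {
                if (cmd == null)
                    Console.WriteLine("rejected: " + (raw ?? "(null)"));
                else
                    Console.WriteLine("ok: " + cmd.CommandText +
                        " [@CategoryID=" + cmd.Parameters["@CategoryID"].Value + "]");
            }
        }
    }
}
```

In a page handler, pass `Request.QueryString["ID"]` as `rawId`, open the connection, and call `ExecuteReader()` on the returned command; a `null` result should be answered with an error response rather than a query.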