i) First thing i just wanted to know why you are passing the parameter to the sql query whereas it does not look like you need to pass any parameter as you are dealing with a SQL query not a stored procedure. Either keep the query in a stored procedure and retrieve value as parameter you want else pass parameter concatenating to the query itself adding a where condition if required.
Or else you do not need any parameter at all.
ii) Secondly even if you are passing the parameter with value , the way it is being called is looking like wrong here.
cmd.Parameters.AddWithValue("@SaleFileName", SqlDBType.NVarChar );
As the method name suggest it expects parameters two parameters like the parameter name and the value. The first one you are passing correctly the parameter name, but the second one should be the parameter value you want to pass not the datatype here. Please check this.
Please check with below references :-
1.
Simple ADO.NET Database Read, Insert, Update and Delete using C#.[
^]
2. http://www.aspsnippets.com/Articles/Save-and-Retrieve-Files-from-SQL-Server-Database-using-ASP.Net.aspx
Hope it will be of help to you.