0) Is you Id field *really* a string? Most of the time, the Id field in a table is an integer.
1) You shouldn't form your query by concatenating strings with variables like that, because you risk sql injection. You should set parameters in the
SqlCommand
object you use to run the query. There are many references to this that are easily discoverable with even a cursory google search.
2) Assuming @authentic = 2, and @name = 'Steve';
"SELECT * from [userdata] WHERE authentic=" + @authentic + " and name like '%" + @name + "%'"
The query above will give you all students with the word "steve" somewhere in the name.
I'm not sure what Id has to do with given my first question.