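// Loads every row of [user] whose grade is higher than the grade of the
// signed-in user and binds the result to DataList1.
// Session["userid"] is dereferenced directly, so a session without that key
// still raises NullReferenceException here, as it did before.
string id = Session["userid"].ToString();
string str = ConfigurationManager.ConnectionStrings["shuju"].ConnectionString;

// "user" is a reserved keyword in SQL Server, so the table name has to be
// written as [user] or the statement fails to parse.
// The id travels as the @id parameter and is never spliced into the SQL
// text: a value that reaches the session from user-controlled data can no
// longer change the shape of the query.
string sql = "select * from [user] where grade >(select grade from [user] where id=@id)";

// The table is no longer named after the SQL text; nothing visible here
// reads DataTable.TableName.
DataTable dt = new DataTable();

// Dispose the connection, command and adapter deterministically.
// SqlDataAdapter.Fill opens the closed connection itself and closes it again.
using (SqlConnection conn = new SqlConnection(str))
using (SqlCommand cmd = new SqlCommand(sql, conn))
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
    // NOTE(review): the value is sent as a string and relies on SQL Server
    // converting it to the type of the id column; confirm the column type
    // and switch to an explicitly typed parameter if it is an int.
    cmd.Parameters.AddWithValue("@id", id);
    da.Fill(dt);
}

DataList1.DataSource = dt;
DataList1.DataBind();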
user 是 SQL Server 的保留字，當作資料表名稱時要用中括號括起來，否則語法會出錯。
select * from user where grade >(select grade from user where id="+id+")";
改成
select * from [user] where grade >(select grade from [user] where id="+id+")";