change your sql statment as
string str = "select * from registration where FirstName like @search AND StudentID LIKE @StId";
when you add parameter values set it as below
cmdSearch.Parameters.Add("@search", SqlDbType.VarChar).Value = "%" +txtContactFirstName.Text + "%";
cmdSearch.Parameters.Add("@StId", SqlDbType.VarChar).Value = "%" +txtContactID.Text + "%";