To add to what Abhinav says, you should also move to parametrized queries:
string sql1 = "select name from student where 10thper>=@P10 AND 12thper>=@P12 AND aggregate>=@AGG AND backlog<=@BLG AND academicgap<=@ACG";
System.Data.OleDb.OleDbCommand cmd1 = new System.Data.OleDb.OleDbCommand(sql1, cn);
cmd1.Parameters.AddWithValue("@P10",DropDownList3.Text);
cmd1.Parameters.AddWithValue("@P12",DropDownList4.Text);
cmd1.Parameters.AddWithValue("@AGG",DropDownList5.Text);
cmd1.Parameters.AddWithValue("@BLG",DropDownList6.Text);
cmd1.Parameters.AddWithValue("@ACG",DropDownList7.Text);
It makes it a LOT more obvious and protects against accidental or deliberate SQL Injection attacks.
BTW: While you are changing this, please change your variable names: You may be able to remember what DropDownList5 contains today, but I bet you won't next month! If you call it "ddlAggregate" or similar, it becomes a lot easier to read and check for mistakes.