The query should be "SELECT * FROM tblSubmissions WHERE Id = 'id_value'
- you're missing the quotes around the id
value.
Use a parametrised query instead of string concatenation to fix your problem and get rid of the SQL injection issue:
SqlCommand cmd = new SqlCommand("SELECT * FROM tblSubmissions WHERE Id = @id" , connect);
cmd.Parameters.Add("@id", SqlDbType.UniqueIdentifier);
cmd.Parameters["@id"].Value = id;