strSQL="SELECT * FROM Bidder WHERE 'BIDDER_ID=" & strBidderID & "' and 'BIDDER_ACCOUNT_ACTIVATED=yes' AND 'BIDDER_STATUS=UNBLOCKED';"
No dear the above statement u mentioned is wrong....cauz value should be passed withing single quote (') if its datatype is not numeric. Remember whatever u mentioned in a single quote sql server read it as a constant or value. hence u must give field name out side the single quote. your query should be like below.
strSQL="SELECT * FROM Bidder WHERE BIDDER_ID='" & strBidderID & "' and BIDDER_ACCOUNT_ACTIVATED='yes' AND BIDDER_STATUS='UNBLOCKED'"
Yes you can give AND number of times in where clause.