To get exact match, your query should looks like:
SELECT PatientId, FirstName, LastName, Sex, Age, CNIC, Phone, GaurdianName
WHERE PatientId LIKE =@PatientId
I would suggest you to create stored procedure and call it from code behind.
Using a Stored Procedure with Output Parameters
How to create a SQL Server stored procedure with parameters