0) DO NOT use formatted strings to form queries. Use parameterized queries instead.
1) I fail to understand why people don't write stored procedures instead of hand-jamming the SQL in code like this.
2) A properly written query can Update existing data AND Insert new data. For example, the following code will attempt to insert data, and if it did not succeed, it will insert it instead.
    UPDATE database.dbo.mytable
    SET field1 = @param1
    WHERE field2 = @param2

    IF @@ROWCOUNT = 0
        INSERT INTO database.dbo.mytable
        (field1, field2) VALUES (@param1, @param2)
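
An added example, not part of the original post: the same update-then-insert pattern driven from application code with bound parameters, next to the string-formatted form that item 0 warns against. It assumes Python's built-in sqlite3 with an in-memory database as a stand-in for SQL Server (so `?` placeholders and `rowcount` replace `@param` and `@@ROWCOUNT`); the function names and sample values are constructed for illustration.

```python
import sqlite3


def upsert(conn, param1, param2):
    """Update-then-insert with bound parameters; returns 'updated' or 'inserted'."""
    with conn:  # one transaction: commits on success, rolls back on error
        cur = conn.execute(
            "UPDATE mytable SET field1 = ? WHERE field2 = ?", (param1, param2))
        if cur.rowcount == 0:  # plays the role of IF @@ROWCOUNT = 0
            conn.execute(
                "INSERT INTO mytable (field1, field2) VALUES (?, ?)",
                (param1, param2))
            return "inserted"
    return "updated"


def upsert_formatted(conn, param1, param2):
    """The pattern to avoid: values are spliced into the SQL text itself."""
    conn.execute(
        f"UPDATE mytable SET field1 = '{param1}' WHERE field2 = '{param2}'")


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (field1 TEXT, field2 TEXT)")
    results = [upsert(conn, "first", "key1"),    # no row yet -> insert
               upsert(conn, "second", "key1")]   # row exists -> update
    # Constructed input containing SQL syntax; as a bound value it is only data.
    odd = "O'Brien'; DROP TABLE mytable; --"
    results.append(upsert(conn, odd, "key2"))
    try:
        # Even an ordinary apostrophe changes the meaning of formatted SQL.
        upsert_formatted(conn, "O'Brien", "key1")
        results.append("formatted ok")
    except sqlite3.OperationalError:
        results.append("formatted failed")
    rows = conn.execute(
        "SELECT field1, field2 FROM mytable ORDER BY field2").fetchall()
    return results, rows


if __name__ == "__main__":
    print(demo())
```

On SQL Server the UPDATE and INSERT are two separate statements, so concurrent callers need them wrapped in a transaction with suitable locking to avoid duplicate inserts.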