Yes - but first don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You can modify rows just by issuing an UPDATE query instead of an INSERT: INSERT always creates a new row, UPDATE only ever changes existing rows.
The rough syntax is:
UPDATE MyTable SET MyColumn = MyNewValue, MyOtherColumn = MyOtherNewValue WHERE MyROwIDColumn=TheIDOfTheColumnToChange
BTW do yourself a favour: INSERT and UPDATE commands do not return any row data - so using a DataReader is pointless. Instead, these type of commands should be issued with ExecuteNonQuery - which returns the number of rows inserted or changed instead.
And seriously: Go through all your code and get rid of string concatenation - it is really dangerous!