You should do the insert through a stored procedure, passing parameters rather than constructing sql in code.
One way (of many) to do this is to wrap the process in a try/catch - transaction inside a stored procedure which, if it fails, returns a value that you can inspect and then take the appropriate action:
begin try
begin tran
insert into Table (Field1, Field2, Field3)
values (@Param1, @Param2, @Param3)
commit tran
select 1 [Result]
end try
begin catch
if @@trancount > 0
begin
rollback
end
select 0 [Result]
end catch
Another way might be to pass the staffid and test that with:
if (not exists(select top 1 1 from Table where StaffID = @StaffID))
begin
insert into Table (Field1, Field2, Field3)
values (@Param1, @Param2, @Param3)
end
Use or adapt either of these methods to suit your need but you should certainly consider wrapping everything into a stored procedure and call that rather thna constructing a sql string in code.