you can change the sql statement bit,
SqlCommand cmdd = new SqlCommand("IF NOT EXISTS(SELECT 1 from Ratecard where Vendor_Name='" + TextBox1.Text + "')" +
" Insert INTO Ratecard (Vendor_Name,Asset_type,New,Refurbish,Repaired) VALUES('" + TextBox1.Text + "','" + SerialArray[i] + "',0,0,0)"+
" else" +
" UPDATE Ratecard SET Asset_type ='" + SerialArray[i] + "' WHERE Vendor_Name= '" + TextBox1.Text + "'", con);
Don't concatenate sql statement like above, it is not the best practice
your program is widely open for sql injection attacks, try to use parameterized sql