Judging from the function names I suppose you are using MS SQL while my query was for MySQL but other than that they are pretty much the same.
I don't know the logic of your code, I suppose it's just the end part of something more so I can't comment (and to be honest I don't recognize what language this is...).
Stopping IP's from entering is another subject but I believe this should be done as early as possible. The nature of malicious bots is that they are generating so many page requests that they can consume many resources both on the web server and the database. If you connect to the database for each bot request, even on the ban list, to check if the IP is on the ban list then this may already be too much strain on the server.
The most effective method will depend on the type of web server used. When I use Apache then I make use of the .htaccess file. When my cron job detects there is an IP to be banned it adds a rule to .htaccess to ban the IP - it acts like a kind of firewall. Then when the bot comes in its request is terminated very early with a 403 response - even before the actual web server language is started (for example PHP) and of course there's no connection to the database, either. You need to check what kind of rules you can use on your web server and take advantage of them if possible.
I remove the IP's from the ban list after 24 hours - most often the bots give up before that period and I can safely remove the ban. Another bot will certainly come from a different IP.