Simply put, use stored procs or an ORM. Validate everything at every step in the relay (each layer) that can modify a particular entity: Client -> Business Object layer -> Data Access Layer -> to wherever. This is fundamental to quality software, especially,
but not limited to, if you need to use query building in your stored proc.
Limiting your mutable footprint may be a valid option. Knowing is most of the battle.
The later you start planning for this issue, the more costly the endeavor becomes. As with most things in software engineering :)
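
An added example, not part of the original post: validation repeated at the business and data-access layers, with the one dynamically built query fragment restricted to an allow-list and every value bound as a parameter. The post names no database, so SQLite from Python stands in for the data tier; the `users` table and all function names are hypothetical.

```python
import re
import sqlite3

# Constructed schema and names for this example only.
SORTABLE = {"name", "created"}                     # allow-list for the dynamic ORDER BY
NAME_RE = re.compile(r"[A-Za-z0-9 _.'-]{1,64}")    # apostrophe allowed on purpose

def business_validate(name, sort_by):
    """Business-object layer: reject malformed input before it travels further."""
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("invalid name")
    if sort_by not in SORTABLE:
        raise ValueError("invalid sort column")
    return name, sort_by

def dal_find_users(conn, name, sort_by):
    """Data-access layer: re-checks what it is about to build a query from.

    It does not assume every caller went through business_validate().
    """
    if sort_by not in SORTABLE:
        raise ValueError("invalid sort column")
    # Only the allow-listed identifier is interpolated; the value is bound.
    sql = f"SELECT id, name FROM users WHERE name = ? ORDER BY {sort_by}"
    return conn.execute(sql, (name,)).fetchall()

def find_users(conn, name, sort_by):
    """Entry point: Client -> Business Object layer -> Data Access Layer."""
    name, sort_by = business_validate(name, sort_by)
    return dal_find_users(conn, name, sort_by)

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, created) VALUES (?, ?)",
        [("alice", "2024-01-02"), ("bob", "2024-01-01"), ("O'Brien", "2024-01-03")],
    )
    return conn

if __name__ == "__main__":
    db = make_db()
    print(find_users(db, "O'Brien", "created"))
```

The data-access check is what still holds when some other caller skips the business layer, which is the point of validating at each step rather than once at the edge.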