You can "Filter Input And Escape Output".
That means you need to be 100% sure of what you are saving to your database by proper validations and restrictions while storing the data.
Refer -
1. Hack-Proofing Your ASP.NET Applications.
2. Securing Your ASP.NET Applications.
But I still suggest you go for parameterized queries and stored procedures.
It will take time to build, but will secure your application for sure.
Thanks...
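The three steps this answer names (filter input, use a parameterized query, escape output) can be put together in C# as follows. This is an added example, not code from the original post; the `CommentStore` class, the `Comments` table with its `UserName` and `Body` columns, and the length limits are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.Text.RegularExpressions;

static class CommentStore // hypothetical class; table and column names are assumptions
{
    // Filter input: allow-list the user name (letters, digits, underscore; 3-20 chars).
    static readonly Regex UserNameRule = new Regex(@"\A[A-Za-z0-9_]{3,20}\z");
    public static bool IsValidUserName(string s)
    {
        return s != null && UserNameRule.IsMatch(s);
    }

    // Parameterized query: the SQL text is a constant; values travel as typed parameters.
    public static SqlCommand BuildInsert(string userName, string body)
    {
        if (!IsValidUserName(userName))
            throw new ArgumentException("Invalid user name.", "userName");
        if (body == null || body.Length > 500)
            throw new ArgumentException("Comment missing or too long.", "body");

        var cmd = new SqlCommand(
            "INSERT INTO Comments (UserName, Body) VALUES (@userName, @body)");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 20).Value = userName;
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, 500).Value = body;
        return cmd;
    }

    // Escape output: HTML-encode stored text at the point it is written into a page.
    public static string RenderComment(string body)
    {
        return "<p>" + WebUtility.HtmlEncode(body) + "</p>";
    }

    static void Main()
    {
        // Constructed sample input; the command is built but not executed (no connection).
        string body = "O'Brien's <b>note</b>; -- done";
        using (SqlCommand cmd = BuildInsert("alice_01", body))
        {
            Console.WriteLine(cmd.CommandText);               // SQL text is unchanged
            Console.WriteLine(cmd.Parameters["@body"].Value); // value is carried as data
        }
        Console.WriteLine(RenderComment(body));               // markup is encoded
        Console.WriteLine(IsValidUserName("o'brien; --"));    // rejected by the allow-list
    }
}
```

To run the insert against a real database, assign an open `SqlConnection` to `cmd.Connection` and call `ExecuteNonQuery()`.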