• Thanks all for your valuable inputs.

    As per "The front end must protect the database from injection if you're not letting the database protect itself by disallowing the process in the first place."

    This is again something which needs to be protected from the front end. If I have understood correctly, data should be filtered and validated from the front-end application so that it can protect the database from injection.

    But for this, the application needs to be validated in the first instance? Am I right?

    Being a DB admin, can we do something from the SQL Server end? If so, please can you point out all the suggestions.

    Thanks,