Preventing SQL Injection is a multi-tiered approach.
1. The application needs to inspect the strings where there was input from the user
Here is an MSDN article which lists characters which should be removed from the strings:
2. On the SQL Server, you would
a. as stated before, only give minimal permissions for the application
b. use stored procedures or parameterized queries
None of these are quick changes, other than perhaps restricting the permissions that the application has and testing to see if it breaks anythign.
SQL Injection is one of those things that need to be considered at the very beginning of application and database design, not an after thought. The DBA should make and enforce standards for accessing the database.