If you are not processing the input that you pass to your query (built at run time), you are vulnerable to SQL injection. Putting the code in a DLL or not doesn't make any difference.
To overcome this you need to use parameterised queries. They have multiple advantages apart from security.
One reason that I can think of right now is that you have a text box, and your query is
string query = "select * from table1 where name = '" + textbox1.Text + "'";
Now let's assume that in textbox1 the user enters Ehsan's. Your query will go bang and won't even execute.
Example of a parameterised query:
string query = "select * from table1 where name = @Name";
yourCommand.Parameters.AddWithValue("@Name", textbox1.Text);
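To make the contrast concrete, here is an added example (not from the answer above) of the same lookup placed in a hypothetical class-library (DLL) helper, once with string concatenation and once parameterised. It assumes System.Data.SqlClient, a table `table1` with a `name` column, and a placeholder connection string.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical DLL helper; the connection string is a placeholder.
public static class CustomerLookup
{
    private const string ConnectionString = "<your connection string>";

    // VULNERABLE: the caller's text is spliced into the SQL text, so a
    // value such as  Ehsan's  breaks the statement, and the database
    // cannot tell data from code. Kept only to show the difference.
    public static List<string> FindByNameUnsafe(string name)
    {
        string sql = "select * from table1 where name = '" + name + "'";
        return Run(sql, cmd => { });
    }

    // SAFE: the value travels separately from the SQL text, so the server
    // never parses it as part of the statement; no quoting is needed.
    public static List<string> FindByName(string name)
    {
        const string sql = "select * from table1 where name = @Name";
        return Run(sql, cmd =>
            // Giving the type explicitly avoids AddWithValue's inference,
            // which can lead to implicit conversions on the server.
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name);
    }

    // Opens a connection, lets the caller bind parameters, and reads the
    // name column of every matching row.
    private static List<string> Run(string sql, Action<SqlCommand> bind)
    {
        var results = new List<string>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            bind(cmd);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader["name"].ToString());
            }
        }
        return results;
    }
}
```

With the parameterised version, `FindByName("Ehsan's")` runs and simply matches that literal name, whereas `FindByNameUnsafe("Ehsan's")` throws a SqlException for the malformed statement.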