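In your code you should also use parameters. For example:

    ...
    using (SqlCommand cmd = new SqlCommand("SP_Name", sqlCon))
    {
        // Run "SP_Name" as a stored procedure rather than as a text batch
        cmd.CommandType = CommandType.StoredProcedure;
        ...
        // The user input is sent as a parameter value, never spliced into the SQL text
        cmd.Parameters.AddWithValue("@param1", textField1.Text);
        ...
    }
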
In theory, this is sufficient for preventing SQL injection. If you want to take it further you could replace known keywords or check for specific ranges of values depending on your data.
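
An added example, not part of the original answer: the same `SP_Name` call with explicitly typed parameters and a range check of the kind the answer mentions. The `@age` parameter, its 0 to 150 range, the 100-character limit and the sample input are assumptions made for illustration; the command is built but never executed, so no database is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // Microsoft.Data.SqlClient exposes the same types

static class ParameterizedCallExample
{
    // Builds the command; the caller opens the connection and executes it.
    public static SqlCommand BuildCommand(SqlConnection con, string nameText, string ageText)
    {
        // Range check on the numeric input before anything reaches the database.
        if (!int.TryParse(ageText, out int age) || age < 0 || age > 150)
            throw new ArgumentOutOfRangeException(nameof(ageText), "age must be an integer from 0 to 150");
        if (string.IsNullOrEmpty(nameText) || nameText.Length > 100)
            throw new ArgumentException("name must be 1 to 100 characters", nameof(nameText));

        var cmd = new SqlCommand("SP_Name", con) { CommandType = CommandType.StoredProcedure };
        // Explicit type and size instead of AddWithValue, so the SQL type
        // is declared by the code rather than inferred from the .NET value.
        cmd.Parameters.Add("@param1", SqlDbType.NVarChar, 100).Value = nameText;
        cmd.Parameters.Add("@age", SqlDbType.Int).Value = age; // hypothetical second parameter
        return cmd;
    }

    static void Main()
    {
        // Constructed input containing SQL metacharacters.
        string hostile = "x'; DROP TABLE Customers;--";

        using (var con = new SqlConnection())   // never opened: nothing is sent to a server
        using (SqlCommand cmd = BuildCommand(con, hostile, "42"))
        {
            // The command text stays fixed; the input travels only as a parameter value.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
        }

        // A non-numeric "age" is rejected by the range check before a command is built.
        try { BuildCommand(new SqlConnection(), "alice", "42 OR 1=1"); }
        catch (ArgumentOutOfRangeException e) { Console.WriteLine("rejected: " + e.ParamName); }
    }
}
```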