What is the best strategy to avoid hard coded SQL statements

Question

The other day I was showing a colleague some code I was working on, and in the passing he commented on the fact that I have hard coded SQL statements. Now these SQL Statements a

Answer 1

Some ideas:

1. At the database level, restrict the application user from executing objects other than stored procedures.
2. Use a database library that either binds SPs to classes, or only works with SPs.
3. Coding policy combined with Code Reviews/Walkthroughs.

These may not be the friendliest approaches, but they do have a value in certain environments.