As per solution 1, no you do not and, for client machines, should not.
You can connect to (remote) databases using
.NET Framework Data Providers[
^] which are included in the .NET framework. The link (to the Microsoft Docs) gives further information and links to "how to" articles.
Also as per solution 1 - use Parameterized queries - this article explains why ..
SQL Injection - OWASP[
^] .. and this one explains how ...
Query Parameterization Cheat Sheet - OWASP[
^]
[EDIT]
I had another look at the code you posted ... instead of using
sys.tables
use
System Information Schema Views[
^] - they are designed to be cross platform and cross version so you will be helping to "future proof" (protect) your code.
if exists (select * from INFORMATION_SCHEMA.TABLES where TABLE_NAME = 'ContaVarlık' AND TABLE_SCHEMA = 'dbo')
drop table dbo.ContaVarlık;
Also the first bit of code that contains the concatenation does not need the concatenation - it could just be
Insert into ContaVarlık([Parça Varlığı],Tarih) VALUES ('OK',GetDate())