I think you can limit how many symbols the user can enter to some reasonable value. If you can limit it, say to 20, you can use something like

Select * from (((((((((((((((((((( Select * from table where column LIKE '$value$%' ))))))))))))))))))))

i.e. a malicious user will have to use 20 closing parentheses in the value - no room left for extra SQL
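
For comparison, the same prefix search with the value passed as a bound parameter, so quotes and parentheses in the input never reach the SQL parser. This is an added example, not part of the original post; it keeps the 20-character limit as an input check and assumes SQLite with a hypothetical table `items` and column `name` (the helper names are also made up for illustration).

```python
import sqlite3

MAX_LEN = 20  # the length limit suggested in the post, kept as an input check


def escape_like(value, esc="\\"):
    """Escape LIKE metacharacters so the user's text is matched literally."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def prefix_search(conn, value):
    """Return names starting with `value`; the value is bound, never concatenated."""
    if len(value) > MAX_LEN:
        raise ValueError("search value too long")
    pattern = escape_like(value) + "%"  # only this trailing % acts as a wildcard
    cur = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    )
    return [row[0] for row in cur]


def demo_db():
    """Constructed sample data (hypothetical table and rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("apple",), ("apricot",), ("a%b",), ("banana",), ("a' ) --x",)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(prefix_search(db, "ap"))         # ordinary prefix
    print(prefix_search(db, "a%"))         # % from the user is literal
    print(prefix_search(db, "x' ))) --"))  # quote and parens are just data
```

With binding, the length limit is only a sanity check on input size; the query text is the same for every value.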
