Yes, you are safe from SQL injections by using the db adapter quote functions.
When you use quoteInto
Zend will call Zend_Db_Adapter::quote method to escape the value string.
From Zend Docs:
The quote() method accepts a single argument, a scalar string value. It returns the value with special characters escaped in a manner appropriate for the RDBMS you are using, and surrounded by string value delimiters.
To make your application safer you should also use Zend_Form
with elements utilizing available Zend Filters and Zend Validators. Validation of elements will catch the problem and avoid junk database calls and filters will sanitize your data!