The short answer to your question is – you are safe if you use parameters.
(The comments below are a bit outside the scope of your original question, but I strongly recommend you take some time to learn more about this topic.)
However, this doesn’t mean you shouldn’t validate user input in any way. Even though you are safe from SQL injection, failing to validate user input may leave your data dirty with just about anything people insert.
Also, make sure you are using an account with the least privileges to improve security even more.
Here is a good article on this topic from MSDN.
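
The distinction drawn in the answer above, as an added example that is not part of the original answer: a parameterized insert keeps injection-shaped text from running as SQL, but still stores whatever it is given unless the input is validated first. It assumes Python's built-in `sqlite3` with an in-memory database in place of whatever database the question used; the `users` table, the sample inputs and the simple e-mail pattern are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample inputs (not from the original post).
SAMPLES = [
    "alice@example.com",
    "x'); DROP TABLE users;--",   # injection-shaped text
    "not an email at all",         # harmless to the SQL, but still junk data
]

# Deliberately simple allow-list pattern; an assumption for this example.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    return conn


def insert_param_only(conn, email):
    """Parameterized insert: the value is bound as data, never parsed as SQL."""
    conn.execute("INSERT INTO users (email) VALUES (?)", (email,))


def insert_validated(conn, email):
    """Same parameterized insert, but only after the value passes validation."""
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        return False
    insert_param_only(conn, email)
    return True


def stored_emails(conn):
    return [row[0] for row in conn.execute("SELECT email FROM users ORDER BY id")]


def demo():
    """Insert every sample into two databases: one unvalidated, one validated."""
    unvalidated, validated = make_db(), make_db()
    for sample in SAMPLES:
        insert_param_only(unvalidated, sample)
        insert_validated(validated, sample)
    return stored_emails(unvalidated), stored_emails(validated)


if __name__ == "__main__":
    dirty, clean = demo()
    print("parameters only :", dirty)   # table intact, but junk rows stored
    print("with validation :", clean)   # only the well-formed address
```
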