Preventing SQL injection

It doesn't matter which technology you use to develop your application: all of them are susceptible to SQL injection. Therefore, you need to take steps to make sure that your application is safe from this kind of attack. Here is a recommendation: always use type-safe parameter encoding when constructing dynamic SQL statements.

Almost all data APIs let you specify exactly what type of parameter you are passing; this includes even ADO.NET, a technology that has been around for a while. These parameters can be integers, Booleans, or other primitive types. Most data APIs also provide encoding or escaping of parameter values as a way to guard against injection attacks, so that a value supplied by the user is passed to the database as data rather than being spliced into the SQL text.
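The following is an added illustration, not code from the book: it contrasts string concatenation with a typed, parameterized query using Python's built-in `sqlite3` driver against a constructed in-memory `users` table (table name, columns and sample rows are assumptions for the example).

```python
import sqlite3

# Constructed in-memory sample database for the demonstration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)",
                     [("alice", 0), ("bob", 1)])
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable form: the caller-supplied value becomes part of the SQL text,
    # so a quote character in the value changes the meaning of the statement.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameterized form: the driver sends the value separately from the
    # statement, so it is matched literally and never parsed as SQL.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def lookup_by_id(conn, user_id):
    # Type-safe parameter: enforce the primitive type before the value reaches
    # the driver (bool is rejected explicitly because it subclasses int).
    if isinstance(user_id, bool) or not isinstance(user_id, int):
        raise TypeError("user_id must be an int")
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()
```

With a constructed input such as `x' OR '1'='1`, the concatenated query returns every row while the parameterized one returns none, which is the behaviour the recommendation above relies on.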

Before you deploy your application into production, perform a security audit of both your code and the application as a whole. Make sure that your database is locked down, with only the minimum permissions your application requires.