Using variable for property name - is SQL Injection possible?

Currently on OGM, but we're planning to move to SDN. I'm passing a param from the frontend to the DB to determine the property, e.g.:

// Passing in the FE param as an enum type, then converting the enum to a string to use in the DB Cypher call
MATCH (p:Person)
WHERE p[$param] = ""
RETURN p

Is it possible for a SQL injection or other security risk to occur?

Looks like using params will prevent Cypher injections, yay: Protecting against Cypher injection - Knowledge Base
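
As an added example (not code from the posts above): a Java sketch of the enum-to-property approach the question describes, keeping the query text constant and binding both the property name and the comparison value as parameters, next to the string-concatenated form for comparison. The `PersonField` enum, its property names and the `$value` parameter are assumptions made for illustration; the query and map would be handed to whatever parameterized query call your OGM or SDN session exposes.

```java
import java.util.Map;
import java.util.Optional;

public class PersonFilterQuery {

    // Hypothetical allowlist: the only Person properties the frontend may filter on.
    // Anything not listed here (e.g. a credential field) can never be selected.
    enum PersonField {
        NAME("name"), EMAIL("email"), CITY("city");

        final String property;
        PersonField(String property) { this.property = property; }

        // Map untrusted frontend input onto an enum constant; unknown names yield empty.
        static Optional<PersonField> fromRequest(String raw) {
            for (PersonField f : values()) {
                if (f.name().equalsIgnoreCase(raw)) return Optional.of(f);
            }
            return Optional.empty();
        }
    }

    // Constant query text: user input never becomes part of the Cypher string.
    static final String QUERY = "MATCH (p:Person) WHERE p[$param] = $value RETURN p";

    // Build the parameter map; reject any field outside the allowlist.
    static Map<String, Object> paramsFor(String rawField, String value) {
        PersonField field = PersonField.fromRequest(rawField)
            .orElseThrow(() -> new IllegalArgumentException("field not allowed: " + rawField));
        return Map.of("param", field.property, "value", value);
    }

    // For comparison only: input concatenated into the query text, where a quote
    // character in the value changes what the database parses.
    static String concatenated(String rawField, String value) {
        return "MATCH (p:Person) WHERE p." + rawField + " = '" + value + "' RETURN p";
    }

    public static void main(String[] args) {
        String value = "O'Brien"; // constructed sample input containing a quote
        System.out.println("parameterized: " + QUERY + "  " + paramsFor("name", value));
        System.out.println("concatenated:  " + concatenated("name", value));
        try {
            paramsFor("passwordHash", "x"); // constructed name outside the allowlist
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With parameters the value `O'Brien` stays data, while in the concatenated string its quote ends the literal early. The enum covers the remaining question of which properties a caller is allowed to filter on at all.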