Is this safe from sql injection?string whereClause = "WHERE " + filter.ToStrin

1. Is this safe from sql injection?
2. string whereClause = "WHERE " + filter.ToString() + " > " + nextStartPoint;
3. string orderBy = "ORDER BY " + filter.ToString() + " DESC";
4.  
5. string sql = "SELECT TOP(" + numItemsToGet + ") * " +
6. "FROM Items " +
7. whereClause + " " +
8. orderBy;
9.  
10. cmd.Parameters.AddWithValue("Count", 10);
11.  
12. string sql = "SELECT TOP(@Count) * " +
13.  
14. SET ROWCOUNT @numItemsToGet
15.  
16. select *
17. from Items
18. where
19. (
20. @ColumnANextStartPoint is null
21. or ColumnA > @ColumnANextStartPoint
22. ) and (
23. @ColumnBNextStartPoint is null
24. or ColumnB > @ColumnBNextStartPoint
25. ) and (
26. @ColumnCNextStartPoint is null
27. or ColumnC > @ColumnCNextStartPoint
28. )
29. order by
30. case @ColumnANextStartPoint when null then null else ColumnA end DESC,
31. case @ColumnBNextStartPoint when null then null else ColumnB end DESC,
32. case @ColumnCNextStartPoint when null then null else ColumnC end DESC
33.  
34. SqlConnection someConnection = new SqlConnection(connection);
35. SqlCommand someCommand = new SqlCommand();
36. someCommand.Connection = someConnection;
37.  
38. someCommand.Parameters.Add(
39. "@username", SqlDbType.NChar).Value = name;
40. someCommand.Parameters.Add(
41. "@password", SqlDbType.NChar).Value = password;
42. someCommand.CommandText = "SELECT AccountNumber FROM Users " +
43. "WHERE Username=@username AND Password=@password";
44.  
45. someConnection.Open();
46. object accountNumber = someCommand.ExecuteScalar();
47. someConnection.Close();