Using variable for property name - is SQL Injection possible?

Currently on ogm but we're planning to move to sdn. I'm passing a param from the frontend to the db to determine the property ex.

//passing in FE param as enum type then converting enum type to string to use in db cypher call
param='email' 

MATCH (p:Person)
WHERE p[$param] = "email@google.com"
RETURN p

Is it possible for a sql injection or other security risk to occur?

Looks like using params will prevent cypher injections yay > Protecting against Cypher injection - Knowledge Base