Stored Procs by default prevent SQL Injection unless have dynamic SQL and same your stored procedure does, so there is no need to worry
And if you are more conncerned you can remove some illegal characters used in hacking of SQL Server i.e. -(hyphen), ' (apostrophe)