DataAssist does include code to help prevent SQL Injection attacks. Using form validation is also a good idea.
In your form validation, you should be validating the data types for the different fields. For example, I see you have applied Email Validation to the email address form field, but only Required Validation to the First name and last name fields.
It would be a good idea to use alphanumeric validation on those fields instead to restrict special characters from being entered.
Validating on the data type can help further protect against SQL Injections.
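
An added example, not part of the original post and not DataAssist's own code: server-side, per-field validation of the kind described above, followed by an insert that passes the values as bound parameters. Python, `sqlite3`, the `users` table and the field names are assumptions chosen for illustration.

```python
import re
import sqlite3

# Allow-list patterns per field (assumed rules, mirroring the advice above).
ALNUM = re.compile(r"[A-Za-z0-9]{1,50}")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
RULES = {"first_name": ALNUM, "last_name": ALNUM, "email": EMAIL}


def validate_signup(form):
    """Return {field: message} for every field that fails its rule."""
    errors = {}
    for field, pattern in RULES.items():
        value = form.get(field, "")
        if not value:
            errors[field] = "required"
        elif not pattern.fullmatch(value):
            errors[field] = "invalid characters or format"
    return errors


def save_signup(conn, form):
    """Validate on the server, then insert using bound parameters only."""
    errors = validate_signup(form)
    if errors:
        return errors
    # Values are never concatenated into the SQL text.
    conn.execute(
        "INSERT INTO users (first_name, last_name, email) VALUES (?, ?, ?)",
        (form["first_name"], form["last_name"], form["email"]),
    )
    conn.commit()
    return {}


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (first_name TEXT, last_name TEXT, email TEXT)")
    good = {"first_name": "Alice", "last_name": "Smith", "email": "alice@example.com"}
    # Constructed input: a quote character in a name field.
    bad = {"first_name": "Alice' OR '1'='1", "last_name": "Smith",
           "email": "alice@example.com"}
    results = (save_signup(conn, good), save_signup(conn, bad))
    rows = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results, rows


if __name__ == "__main__":
    print(demo())
```

A strict alphanumeric rule also rejects legitimate names containing apostrophes, hyphens or accented letters, so the pattern may need widening for real name fields.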