I have a simple question that concerns security in WebMatrix razor (C#)

I (for a very brief period of time) considered using character checking to help validate forms to combat SQL injection, however, after realizing that parameterizing queries is the best way to combat this, I have since commented out this check which looks something like this:

    foreach(char c in POIName)
    {
        if(c=='\'' || c=='$' || c=='\"' || c=='&' || c=='%' || c=='@' || c=='-' || c=='<' || c=='>')
        {
            errorMessage = "You have entered at least one invalid character in the \"POI Name\" field. Invalid characters are: [\'], [\"], [&], [$], [@], [-], [<], [>], and [%]";
        }
    }

Now, my question is this:
Should I remove lines like these entirely, as they are not needed (to allow maximum user freedom in textareas etc.) or should there still be some character checking specific to WebMatrix (or not specific to it for that matter).

Perhaps not allow “@” or “;” or “<” or “>”??

From what I understand paramaterizing the queries (as I have) auto escapes harmful characters and re-wraps the whole thing as a string (or something like that anyway, lol), and my database has proven impervious to any of the SQL injection attacks I have thrown at it.

I guess I am concerned because I am not sure if razor can be effected somehow or if I should worry about XSS (no I am not a blog or anything that should ever accept html tags or even angle brackets of any kind).

Sorry if this question is kind of all over the place, but I don’t know where else to turn to find as definitive of an answer as Stack Overflow usually provides (e.g., I trust this community much more than a few Google searches, which I assure I have tried before posting).

Thanks for any help!