how to protect against sql injection in powershell script

I try to write simple gui with login to database. I have a problem with its protection against sql injection.

How can I use parameters in query to login and password.

This is part of my script:

function Get-ODBC-Data{

param([string]$query=$(throw ‘query is required.’))

$conn = New-Object System.Data.Odbc.OdbcConnection

$conn.ConnectionString = “Driver={PostgreSQL Unicode(x64)};Server=1.2.3.4;Port=1234;Database=dbname;Uid=user;Pwd=pass;”

$conn.open()

$cmd = New-object System.Data.Odbc.OdbcCommand($query,$conn)

$ds = New-Object system.Data.DataSet

(New-Object system.Data.odbc.odbcDataAdapter($cmd)).fill($ds) | out-null

$conn.close()

$ds.Tables[0]

}

$login = Show-InputForm “aaaa” “Username” “Password*”

$user = $login[0]

$password = $login[1]

$query = “SELECT * FROM aaa WHERE user=’$login’ and password=’$password’”

$result = Get-ODBC-Data -query $query