Is the following SQL open to a SQL injection attack?
...code extract:
@yourSearch_1 varchar(20)
, @yourSearch_2 varchar(20)
, @yourSearch_3 varchar(20)
, @yourSearch_4 varchar(20)

SELECT COUNT(*) AS Total
FROM myTable
WHERE ( (col1 LIKE @yourSearch_1 + '%' AND @Search_1 = 1) OR @Search_1 = 0 )
  AND ( (col2 LIKE @yourSearch_2 + '%' AND @Search_2 = 1) OR @Search_2 = 0 )
  AND ( (col3 LIKE @yourSearch_3 + '%' AND @Search_3 = 1) OR @Search_3 = 0 )
  AND ( (col4 LIKE @yourSearch_4 + '%' AND @Search_4 = 1) OR @Search_4 = 0 )
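
An added example, not part of the original post: it contrasts the static statement above, where the search value is bound as data, with the same value concatenated into dynamic SQL text, and shows that LIKE wildcards inside the value are a separate concern. It assumes SQL Server (T-SQL), a `bit` type for the `@Search_1` flag, and a constructed temp table `#myTable` with made-up rows.

```sql
-- Added example: #myTable and its rows are constructed for illustration.
CREATE TABLE #myTable (col1 varchar(20));
INSERT INTO #myTable (col1)
VALUES ('alpha'), ('alpine'), ('beta'), ('50% off');

-- Constructed hostile input; fits the post's varchar(20) parameter.
DECLARE @yourSearch_1 varchar(20) = ''' OR 1=1 --';
DECLARE @Search_1 bit = 1;   -- assumed type for the post's on/off flag

-- 1) Static statement, as in the post. The variable is bound as a value,
--    so the quote and comment marker are only characters compared with col1.
SELECT COUNT(*) AS Total
FROM #myTable
WHERE ( (col1 LIKE @yourSearch_1 + '%' AND @Search_1 = 1) OR @Search_1 = 0 );

-- 2) Contrast: the same value concatenated into dynamic SQL text.
--    Here the quote closes the string literal and the rest is parsed as SQL.
DECLARE @unsafe nvarchar(400) =
    N'SELECT COUNT(*) AS Total FROM #myTable WHERE col1 LIKE '''
    + @yourSearch_1 + N'%''';
EXEC (@unsafe);

-- 3) If dynamic SQL is required, keep the value a parameter.
EXEC sp_executesql
    N'SELECT COUNT(*) AS Total FROM #myTable WHERE col1 LIKE @p + ''%''',
    N'@p varchar(20)',
    @p = @yourSearch_1;

-- 4) Not injection, but related: %, _ and [ inside the value still act as
--    LIKE wildcards. Escape them when the search text should be literal.
SET @yourSearch_1 = '50%';
DECLARE @literal varchar(60) =
    REPLACE(REPLACE(REPLACE(@yourSearch_1, '[', '[[]'), '%', '[%]'), '_', '[_]');
SELECT COUNT(*) AS Total
FROM #myTable
WHERE col1 LIKE @literal + '%';

DROP TABLE #myTable;
```

Whether the full procedure is safe also depends on how the caller passes the values: they must reach the statement as parameters rather than being spliced into a command string.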