Parameterized queries are a good idea in almost every case.
All it takes is one mistake in the service which processes the uploaded file and you could have SQL injection issues.
Security is about defense in depth, meaning you use several layers of security in case there's a hole in another part of your system. I would recommend following best practices for SQL queries. In the end it's not strictly required, but it would present an unnecessary risk considering how little effort it takes to parameterize queries.
It can also improve code readability by eliminating the constant opening, closing, and appending of strings where it's easy to miss quotes for a string type parameter.