Is passing by use of parameter necessary for data type int to prevent sql injection

as per question once more: Do we really need to pass numbers datatype variable values as parameters to prevent sql injection.

I do have two sample function one with parameter and next without using parameter

function CheckThis(int UIN)
{
  var connect = ConfigurationManager.ConnectionStrings["NorthWind"].ToString();
  var query = "Select * From Products Where ProductID = @ProductID";
  using (var conn = new SqlConnection(connect))
  {
    using (var cmd = new SqlCommand(query, conn))
    {
      cmd.Parameters.Add("@ProductID", SqlDbType.Int);
      cmd.Parameters["@ProductID"].Value = UIN;
      conn.Open();
      //Process results
    }
  }
}

OR is following ok

function CheckThis(int UIN)
{
  var connect = ConfigurationManager.ConnectionStrings["NorthWind"].ToString();
  var query = "Select * From Products Where ProductID = " + UIN;
  using (var conn = new SqlConnection(connect))
  {
    using (var cmd = new SqlCommand(query, conn))
    {
      //cmd.Parameters.Add("@ProductID", SqlDbType.Int);
      //cmd.Parameters["@ProductID"].Value = UIN;
      conn.Open();
      //Process results
    }
  }
}