In the code you provided, the code that’s at risk from injection is this line:
cursor.execute(f'INSERT INTO accounts VALUES("{user}", "{password}")')
So, what you have to worry about is the safety of the values of user and password at that point. You’re allowing the user to enter them from the console, so they could basically enter anything.
You could instead:
cursor.execute('INSERT INTO accounts VALUES(?, ?)', (user, password))
This has the same result, but now cursor.execute() (or an underlying call) turns the values of user and password into the values for SQL and has a chance of catching shenanigans in the process.
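As an added illustration (not part of the original answer), the script below runs both forms of the INSERT against a throwaway in-memory SQLite table with a constructed hostile username. The string-formatted version lets the input reshape the statement (here it adds a second row); the parameterized version stores the same hostile string verbatim as data and adds exactly one row. The table name and columns follow the question; the single-quoted SQL string literals are an assumption, chosen because SQLite only accepts double-quoted string literals as a compatibility fallback that some builds disable.

```python
import sqlite3

# Constructed hostile input for the demo: shaped so that, once spliced into the
# INSERT text, it closes the first row and opens a second one.
HOSTILE_USER = "mallory', 'pw1'), ('admin"
PASSWORD = "pw2"


def fresh_db():
    # Throwaway in-memory database with the two-column accounts table from the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (user TEXT, password TEXT)")
    return conn


def insert_fstring(conn, user, password):
    # The vulnerable pattern: user input becomes part of the SQL text itself.
    cursor = conn.cursor()
    cursor.execute(f"INSERT INTO accounts VALUES('{user}', '{password}')")
    conn.commit()


def insert_parameterized(conn, user, password):
    # The fix: placeholders in the SQL, values passed separately. The driver binds
    # them as data, so they cannot change the shape of the statement.
    cursor = conn.cursor()
    cursor.execute("INSERT INTO accounts VALUES(?, ?)", (user, password))
    conn.commit()


def stored_rows(conn):
    return conn.execute("SELECT user, password FROM accounts ORDER BY user").fetchall()


def compare(user=HOSTILE_USER, password=PASSWORD):
    """Run both variants on their own fresh table and return what ended up stored."""
    vulnerable = fresh_db()
    insert_fstring(vulnerable, user, password)
    safe = fresh_db()
    insert_parameterized(safe, user, password)
    return {"fstring": stored_rows(vulnerable), "parameterized": stored_rows(safe)}


if __name__ == "__main__":
    for label, rows in compare().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

Running it shows the difference directly: the f-string table ends up with two rows, one of them the attacker-chosen ('admin', 'pw2'), while the parameterized table holds a single row whose user column is the literal hostile string. Parameter binding is what makes the second outcome possible; escaping quotes by hand in the f-string is not an equivalent fix.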