If the column is a varchar, which you said it is, then what you compare against it should be a string, hence in quotes. If you compare a string and an integer SQL has to do conversions unnecessarily, which increases the chance of something breaking.
And there is a value somewhere that can't be cast to numeric, as the error said, "Arithmetic overflow error converting varchar to data type numeric"
And if you need the dynamic SQL, then please, go fix your injection risk before someone exploits it and posts the contents of your database to pastebin.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability