Whenever possible, you should use:

EXEC sp_executesql @sql [rather than EXEC(@sql)]

because it is far less susceptible to SQL injection, although not foolproof depending on what you are trying to make dynamic.

If you just need to have a stored proc run in the context of a given db, you can do that far more effectively by:

1) prefixing the proc name with sp_

2) creating the proc in the master db

3) setting the proc as a "system object"

Then you can use it from any db and it functions within the context of that db.