To be honest, I wouldn't recommend that either. It's vulnerable to SQL injection and it completely violates the software engineering principal of single responsibility. In front end development no one would consider writing a function that can update properties of an employee object, vehicle object, movie object or accounting collection depending on parameter values, so why do it in a stored procedure.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability