More insecure dynamic SQL....
Please, do you company a favour and stop writing dynamic SQL until you've read up and understand SQL injection.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability