• Grant is right on. Your use of sp_executeSQL is superfluous in terms of preventing injection the way you have implemented it. Read BOL on sp_executeSQL and learn how it works. It is always important to do as much parameter validation at the application level as possible even when using sp_executesql. Parameter validation inside stored procedures is also valid.

    The probability of survival is inversely proportional to the angle of arrival.
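An added T-SQL example, not part of the original post or thread, contrasting the two ways of calling sp_executesql that the reply above distinguishes. The questioner's code is not shown on this page, so the concatenated form is an assumption about what it looked like; the table, variable names and validation rule are hypothetical and the data is constructed.

```sql
-- Constructed sample data; all object names are hypothetical.
CREATE TABLE #Customers (CustomerId int, LastName nvarchar(50));
INSERT INTO #Customers VALUES (1, N'Smith'), (2, N'O''Brien');

DECLARE @LastName nvarchar(50) = N'O''Brien';  -- value supplied by the caller
DECLARE @sql nvarchar(max);

-- Validation inside the procedure: reject values outside the expected shape.
-- (Sample rule only: letters, apostrophe, space, hyphen.)
IF @LastName IS NULL OR LEN(@LastName) = 0
   OR @LastName LIKE N'%[^A-Za-z'' -]%'
BEGIN
    RAISERROR(N'Invalid last name.', 16, 1);
    RETURN;
END;

-- Weak form: the value is concatenated into the statement text, so
-- sp_executesql compiles the caller's input as T-SQL. Here the apostrophe
-- in O'Brien ends the literal early and the statement fails to compile,
-- which shows the input is being treated as code rather than data.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers '
         + N'WHERE LastName = N''' + @LastName + N'''';
BEGIN TRY
    EXEC sys.sp_executesql @sql;
END TRY
BEGIN CATCH
    SELECT ERROR_MESSAGE() AS ConcatenatedFormError;
END CATCH;

-- Corrected form: the statement text is constant and the value travels in
-- the parameter list, so it is only ever compared as data.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers '
         + N'WHERE LastName = @p_LastName';
EXEC sys.sp_executesql
     @sql,
     N'@p_LastName nvarchar(50)',
     @p_LastName = @LastName;   -- returns the O'Brien row

DROP TABLE #Customers;
```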