Thanks for the article. My only suggestion would be to move the SQL injection warning into a prominent box at the top of the article. Many readers might jump right into using dynamic SQL without taking into account the security implications.
And maybe also add a link to "The Curse and Blessings of Dynamic SQL," by Erland Sommarskog:
http://www.sommarskog.se/dynamic_sql.html
- webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html