Looks cool, definitey useful in many report scenarios.

I just 1 question...

Is this approach SQL injection safe?

I did not see any issues with your specific query at first sight, but I get a little worried when I see untyped parameters being passed, or dynamic queries being generated. I did not have enough time to make a thorough analysis here, I assume you could answer that, so it is easier for me to ask than spend the time

If not, a little warning might be good to accompany the article.

Thank you.

Duray AKAR