As far as the query to build, what you're describing is called "dynamic SQL". You'll need to take a look as sp_executesql in Books Online. It will tell you how to do that.
On the other hand, I recommend against doing what you're planning. Build the insert/update/delete commands as specific procs, then execute them with input parameters. Dynamic SQL opens up all kinds of security issues in your database.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon