The good thing about using sp_executesql is that you can pass the parameter value instead of completely building the string on the fly like this...

DECLARE @SQL NVARCHAR(MAX)

DECLARE @TBL TABLE (i int)

SET @SQL = 'SELECT message_id FROM sys.messages WHERE message_id < @ID'

INSERT INTO @TBL

EXEC sp_executesql @SQL, N'@ID INT' , 1000

SELECT * FROM @TBL