If you are determined to use dynamic T-SQL then use a parameterised sp_executesql statement.

Even better I'd turn this into a parameterised stored procedure and do the string splitting on the...

Using dynamic SQL like this is equal to the last S in KISS - Stupid!

SQL Injection attack waiting to happen.

-- removed --

whoops didn't see there were more pages before replying.

I guess the whole check what version of .NET you have installed via your browser is supposed to be quick?

Why not simply go Control Panel >> Programs and Features to...

I've installed both SQL 2008 and SQL 2008 R2 (both 64bit versions) on Windows 7 Pro 64bit and had zero installation issues.

I must be lucky.

Why use the output syntax, table variable and dynamic sql?

Wouldn't the following be simpler (no permissions issue on table if user running it only has access to SP either) :

insert...

I ran the same 2 tests on Win 7 64bit Quad core, 8GB Ram machine running SQL Server 2008 Developer 64bit.

And got the following:

GetDate(): 2604 values with precision...

I haven't looked at it yet mainly because on the product I work on we're only just getting onto SQL 2005 with the version currently in development. Even then it's...