>Mike,
>
>Dynamic SQL isn't any more susceptible to Injection attacks than Store Procedures. You can call a stored procedures with literal parameters just as easily as you can a dynamic SQL statement <g>...
>
>There's no perf advantage to store procs in SQL 2000 or 2005, but there's more administrative control and some people like to centralize the data logic on the server.
>
>I love to have people who are hell bent on stored procedures try to justify it and come up with all sorts of non-issues <g>...
>
>+++ Rick ---

That's for sure!