>You can create the SQL in a stored procedure like that, but since you're going to call sp_ExecuteSQL you still have to watch out for SQL Injection attacks. I just finished an article for FPA on the proper way to prevent them. Keep an eye out for it.
Good point. Had thought of that but in this case there is very low risk as it is in an Intranet and this particular function is only used by Admins to create some info for users to see.
"Once again, we come to the Holiday Season, a deeply religious time that each of us observes, in his own way, by going to the mall of his choice." -- Dave Barry