>>Well basically I don't have the authority to upgrade the SQL servers...Those are the clients responsibility... BTW, if you want to create serverside cursors (SELECT * INTO #CURSOR FROM ...), you cannot even use parameters. I know the risk of SQL injection is serious and we use paramerters where applicable, but there are circumstances where we simply cannot use them and are doing what we can to prevent SQL injection.
>
>Sorry I don't understand what you mean by "(SELECT * INTO #CURSOR FROM ...), you cannot even use parameters". I can. I really don't know a case where I can't use parameters (and there are even ways to pass 2100 parameters limit by passing say a string or xml to be parsed - for example IN query implementation via string is efficient and fast), there might be.
>Cetin

By using parameters it is executing the sp_executeSQL stored procedure within its own transaction. Any temporary table created is released as soon as the transaction completes.