>>As I said, the problem we often ran into with parameters is called 'Parameter Sniffing' problem. There are several articles on this topic which you may want to read. Say, by Tibor K or by Erland S.
>
>Ok, but, what do you recommand in that situation for a change towards that direction.
>
>He did provide a solution that I believe would have allowed us to not run into an error when it happened in production. However, as is, it wouldn't be good to implement because of a risk factor. I do not know if a mix and match would apply in this case. For example, if I push the parameter value for the full text index directly in the command, as this is a CONTAINS function, would there be a risk factor in here for someone trying to hack something?

For the parameter's sniffing problem I recommend adding OPTION (RECOMPILE) to the end of the query.

I think there will be a risk factor if you try to embed parameters directly into a string to execute.