Is Dynamic SQL in Your Stored Procedures Vulnerable to SQL Injection?
... article. Since writing sprocs as outlined in Erland's article can be tedious, I created a CodeSmith template that will do the work for you. You only need to input the table you wish to query, and CodeSmith will generate a complete sproc for you. ...