Further to solutions 1 and 2 (and note it can be used for more than just stored procedures), you should read this post and the articles linked within it - it discusses the differences between EXEC and sp_executesql and how the latter is better to avoid SQL injection.
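
Added example, not part of the original answer: the same lookup built with EXEC on a concatenated string and with sp_executesql and a typed parameter, in T-SQL. The table, column and variable names and the input values are constructed for illustration; the last part goes one step beyond the answer to show an identifier, which cannot be passed as a parameter.

```sql
-- Constructed demo table and rows (hypothetical names, not from the answer).
CREATE TABLE #Customers (Id int IDENTITY PRIMARY KEY, LastName nvarchar(50));
INSERT INTO #Customers (LastName) VALUES (N'Smith'), (N'O''Brien'), (N'Jones');

-- Constructed input: a value that carries a quote and SQL text.
DECLARE @name nvarchar(50) = N'x'' OR 1=1 --';
DECLARE @sql  nvarchar(max);

-- Weak: EXEC on a concatenated string. The input becomes part of the
-- statement text, the WHERE clause is rewritten, and all three rows return.
SET @sql = N'SELECT Id, LastName FROM #Customers WHERE LastName = '''
         + @name + N'''';
EXEC (@sql);

-- Better: sp_executesql with a typed parameter. The statement text is fixed
-- and the input travels only as data, so this returns no rows.
SET @sql = N'SELECT Id, LastName FROM #Customers WHERE LastName = @LastName';
EXEC sys.sp_executesql @sql, N'@LastName nvarchar(50)', @LastName = @name;

-- A legitimate value containing an apostrophe needs no escaping: one row.
SET @name = N'O''Brien';
EXEC sys.sp_executesql @sql, N'@LastName nvarchar(50)', @LastName = @name;

-- Identifiers (table, column names) cannot be parameters. Check them against
-- an allow-list, wrap them with QUOTENAME, and still parameterize the values.
DECLARE @sortCol sysname = N'LastName';
IF @sortCol NOT IN (N'Id', N'LastName')
BEGIN
    RAISERROR(N'Unexpected sort column', 16, 1);
    RETURN;
END;
SET @sql = N'SELECT Id, LastName FROM #Customers WHERE LastName LIKE @Pattern'
         + N' ORDER BY ' + QUOTENAME(@sortCol);
EXEC sys.sp_executesql @sql, N'@Pattern nvarchar(50)', @Pattern = N'%';

DROP TABLE #Customers;
```

sp_executesql only protects the values that are passed as parameters; a string concatenated from input and then handed to sp_executesql is as exposed as the EXEC version.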