Since you are concerned about this, you should be using
dynamic stored procedure .
In the stored proc you can check the parms prior to assembling the dynamic SQL.
Also, frequently you can use CASE function instead of dynamic SQL.
Kalman Toth - Database, Data Warehouse & Business Intelligence Architect
SQL Server 2005 Training, SSAS, SSIS, SSRS: http://www.sqlusa.com/