DECLARE @col VARCHAR(9) ,
DECLARE @val VARCHAR(100)
SET @col = 'firstname'
EXEC('SELECT * FROM table WHERE firstname like ''%' +@val+'%'' ORDER BY '+@col)
GO
DECLARE @col VARCHAR(9) ,
DECLARE @val VARCHAR(100)
SET @col = 'firstname'
EXEC('SELECT * FROM table WHERE firstname like ''%' +@val+'%'' ORDER BY '+@col)
GO