I took the trouble to point out issues in your code which will cause problems for you, in general. You can choose to ignore them.
I also pointed out the things in your code that I found which look like they are preventing the Dynamic SQL it from working, so I did answer your question or at least attempt to.
With regard to performance I think I only made an observation that parametrised use of sp_ExecuteSQL is more efficient; far more important is reducing the risk of SQL Injection. I don't know if you will ever have data in your query that came from a user (data entry form), if not the data being used in your query may be totally under your control, but even then parametrising it avoids any possible risk of a single quote in the data breaking your Dynamic SQL syntax