Here's a small example of using the sp_executesql. At least one problem in your procedure is that you don't define the parameters at all:
CREATE TABLE DynTest (
col1 varchar(100),
col2 int
);
INSERT INTO DynTest VALUES ('A', 1);
CREATE PROCEDURE DynTestProc (@colName varchar(100), @value int) AS
DECLARE @sql nvarchar(2000);
DECLARE @parameters nvarchar(2000);
BEGIN
set @sql = N'UPDATE DynTest SET ' + @colName + ' = ''B'' WHERE col2 = @valueinsql';
set @parameters = N'@valueinsql int';
print @sql;
print @parameters;
exec sp_executesql @sql, @parameters, @valueinsql = @value;
END;
EXEC DynTestProc 'col1',1
SELECT * FROM DynTest
EXEC DynTestProc 'nonexistentcol',1 <