Advanced topics

sp_executesql and Dynamic SQL: PostgreSQL Equivalent

In PostgreSQL, SQL Server's EXEC and sp_executesql become a PL/pgSQL EXECUTE, with the statement text built by format() or quoted with quote_literal.

sp_executesql allows typed parameters in dynamic SQL. In PostgreSQL, use EXECUTE ... USING in PL/pgSQL, or format() with %I for identifiers and %L for literals.

Safe pattern in PostgreSQL

EXECUTE format('SELECT * FROM %I', table_name);
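
The following is an added example, not code from the original page: it converts one sp_executesql call both poorly and safely, so the difference is visible in review. The table, columns and function names are hypothetical, and the sample table is constructed for the example.

```sql
-- Constructed sample table (hypothetical name and columns).
CREATE TABLE IF NOT EXISTS public.orders (id int PRIMARY KEY, status text);

-- T-SQL being converted, for reference:
--   EXEC sp_executesql
--        N'SELECT COUNT(*) FROM dbo.orders WHERE status = @status',
--        N'@status nvarchar(20)', @status = @p_status;

-- Poor conversion: both inputs are concatenated into the SQL text,
-- so either one can change the statement that runs.
CREATE OR REPLACE FUNCTION count_by_status_unsafe(p_table text, p_status text)
RETURNS bigint LANGUAGE plpgsql AS $$
DECLARE
    v_count bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || p_table
         || ' WHERE status = ''' || p_status || ''''
       INTO v_count;
    RETURN v_count;
END;
$$;

-- Safe conversion: %I quotes each identifier part separately (a single %I
-- given 'public.orders' would name one table called "public.orders"), and
-- the value travels as bind parameter $1 through USING, the counterpart of
-- sp_executesql's typed @status parameter.
CREATE OR REPLACE FUNCTION count_by_status(p_schema text, p_table text, p_status text)
RETURNS bigint LANGUAGE plpgsql AS $$
DECLARE
    v_count bigint;
BEGIN
    EXECUTE format('SELECT count(*) FROM %I.%I WHERE status = $1', p_schema, p_table)
       INTO v_count
      USING p_status;
    RETURN v_count;
END;
$$;

-- Utility statements such as DDL do not accept bind parameters;
-- there, %L embeds the value as a correctly quoted literal.
DO $$
BEGIN
    EXECUTE format('COMMENT ON TABLE %I.%I IS %L', 'public', 'orders', 'it''s converted');
END;
$$;

SELECT count_by_status('public', 'orders', 'shipped');
```

When reviewing converted code, any EXECUTE whose argument is built with || from a parameter or variable is the pattern to flag.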

Impact Analyzer

Dynamic SQL is an injection vector if converted poorly. Review every EXEC in the project risk map.
