Both sp_executesql and the EXECUTE statement are used to execute a SQL stored procedure. Unlike sp_executesql, the EXECUTE statement doesn't support parameter substitution in the executed string.
According to SQL Server Books Online:
‘To execute a string, we recommend that you use the sp_executesql stored procedure instead of the EXECUTE statement. Because this stored procedure supports parameter substitution, sp_executesql is more versatile than EXECUTE; and because sp_executesql generates execution plans that are more likely to be reused by SQL Server, sp_executesql is more efficient than EXECUTE.’
So sp_executesql is generally the better choice, although which one to use depends on the requirement.
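The following T-SQL is an added example, not code from the original post or from Books Online, that runs the same lookup through EXECUTE and through sp_executesql. The #Customers table, its rows, and all variable names are constructed for illustration.

```sql
-- Constructed sample data: a temp table so the script runs in any database.
CREATE TABLE #Customers (CustomerId int PRIMARY KEY, LastName nvarchar(50) NOT NULL);
INSERT INTO #Customers VALUES (1, N'Jena'), (2, N'O''Brien');

DECLARE @name nvarchar(50) = N'O''Brien';   -- constructed value containing a quote character
DECLARE @sql  nvarchar(max);

-- 1) EXECUTE: no parameter substitution, so the value must be concatenated
--    into the statement text, where it is parsed as part of the SQL itself.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = N'''
         + @name + N'''';
BEGIN TRY
    EXECUTE (@sql);   -- fails: the quote inside the value ends the literal early
END TRY
BEGIN CATCH
    PRINT N'EXECUTE failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2) sp_executesql: the statement text is a constant with a placeholder.
--    The value travels separately as a typed parameter and is never parsed as SQL.
SET @sql = N'SELECT CustomerId, LastName FROM #Customers WHERE LastName = @LastName';

EXEC sys.sp_executesql
     @sql,
     N'@LastName nvarchar(50)',   -- parameter definition list
     @LastName = @name;           -- returns the O'Brien row

-- Same statement text with a different value: the identical text is what
-- makes the cached execution plan more likely to be reused.
EXEC sys.sp_executesql
     @sql,
     N'@LastName nvarchar(50)',
     @LastName = N'Jena';

-- Output parameters are also supported by sp_executesql.
DECLARE @rows int;
EXEC sys.sp_executesql
     N'SELECT @cnt = COUNT(*) FROM #Customers WHERE LastName = @LastName',
     N'@LastName nvarchar(50), @cnt int OUTPUT',
     @LastName = @name,
     @cnt = @rows OUTPUT;
PRINT N'Matching rows: ' + CAST(@rows AS nvarchar(10));

DROP TABLE #Customers;
```

Because the parameterized value is bound as data, input containing quote characters cannot change the shape of the statement, which is also why parameterization is the standard defense against SQL injection in dynamic SQL.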
Reference: Dilip Kumar Jena (http://sqlexplore.wordpress.com)