In order to avoid sql injection I would write something like this:
ALTER proc [dbo].[sp_Category122] @id int,@mode char(1)
as
declare @query nvarchar(4000)
set @query = 'Select * from quest_categories where cat_id = @id'
if @node='a'
set @query = @query + ' and cat_name=''sql'''
exec sp_executesql @query, N'@id int', @id