If we had the body of the stored proc, it might be clearer. But ... what it looks like is that SQL Server is interpreting your parameter as an indentifer (i.e., column name). The clue is the error message which states "The identifier that starts with 'ProductCode = 'FA' AND [...] is too long". i.e., SQL Server is looking for a column named "ProductCode = 'FA' AND [...etc...]"
So what I suspect is you've done this in within the stored proc:
SELECT col1, col2, col3, ... FROM table WHERE @where
...and your hoping the where clause to work just like that.
Assuming this is what you've done, it won't work. If this isn't what you've done, the rest of this answer may be completely bogus :-) If you can give an example of the body of the sproc, it might make things clearer.
So assuming my suspision is correct, you need to write it as a dynamic SQL statement like this:
DECLARE @sql NVARCHAR(2000)
SET @sql = 'SELECT col1, col2, col3, ... FROM table WHERE ' + @where
EXEC sp_ExecuteSQL @sql
HOWEVER ... even this isn't the end of the story as this is prone to injection attacks, which are a very bad thing. What you're better off doing is changing the params to your stored proc to make use of parameterised SQL which won't be prone to injection attacks. Something like this...
ALTER PROCEDURE sp_AllocationReport (@ProductCode VARCHAR(10), @AllocationDate DATETIME, {rest of your parameters})
AS
DECLARE @sql NVARCHAR(2000)
SET @sql = 'SELECT col1, col2, col3, ... FROM table WHERE 1 = 1'
IF ISNULL(@ProductCode, '') <> ''
SET @sql = @sql + ' AND ProductCode = @pProductCode'
IF @AllocationDate IS NOT NULL
SET @sql = @sql + ' AND AllocationDate = @pAllocationDate'
{other conditionals, depending on what you need to pass in}
EXEC sp_ExecuteSQL @sql, '@pProductCode VARCHAR(10),
@pAllocationDate DATETIME,
{other passed in params}
', @ProductCode, @AllocationDate
This code isn't prone to injection attacks. It's also more performant as SQL Server will cache execution plans more reliably. Read up about this; there's plenty out there on it.