SqlParameter does not allow Table name - other options without sql injection attack?

清酒与你 2020-11-30 11:01

I got a runtime error saying "Must declare the table variable "@parmTableName"". Meaning having table name as sql parameter in the sql-statement is not allowed.

3 answers
  •  悲&欢浪女
    2020-11-30 11:09

    (sqlAsk is a string, right?) If that's right, let's try this:

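    using(var dbCommand = dbConnection.CreateCommand())
    {
       // "{table}" is a placeholder token that is swapped for the table name below
       sqlAsk = "";
       sqlAsk += " DELETE FROM {table} ";
       sqlAsk += " WHERE ImportedFlag = 'F' ";

       string table_name = "Your table name here";  //<- fill this as u need
       sqlAsk = sqlAsk.Replace("{table}", table_name); // replaces the placeholder text with the string table_name

       dbConnection.Open();

       dbCommand.CommandText = sqlAsk; // the command needs the final SQL text before it runs
       rowAffected = dbCommand.ExecuteNonQuery();
    }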
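
An added example (not part of the question or the answers on this page) of one way to put a table name into the statement without opening an injection path: check the name against a fixed allowlist, quote it with `SqlCommandBuilder.QuoteIdentifier`, and keep values in `SqlParameter`s. The class name, the allowlisted table names, the `char(1)` column type and the sample inputs in `Main` are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class ImportCleanup
{
    // Hypothetical allowlist: the only tables this operation may ever touch.
    static readonly HashSet<string> AllowedTables =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "ImportStaging", "ImportArchive" };

    // Builds the DELETE text. The table name is the only spliced-in part, and it
    // must match the allowlist exactly before it gets anywhere near the SQL string.
    public static string BuildDeleteSql(string tableName)
    {
        if (tableName == null || !AllowedTables.Contains(tableName))
            throw new ArgumentException("Table is not on the allowlist.", nameof(tableName));

        // Defence in depth: QuoteIdentifier wraps the name in [ ] and doubles any ] inside it.
        string quoted = new SqlCommandBuilder().QuoteIdentifier(tableName);
        return "DELETE FROM " + quoted + " WHERE ImportedFlag = @flag";
    }

    // Expects an open connection; returns the number of rows deleted.
    public static int DeleteImported(SqlConnection dbConnection, string tableName)
    {
        using (var dbCommand = dbConnection.CreateCommand())
        {
            dbCommand.CommandText = BuildDeleteSql(tableName);
            // Values still travel as parameters (column assumed to be char(1)).
            dbCommand.Parameters.Add("@flag", SqlDbType.Char, 1).Value = "F";
            return dbCommand.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        Console.WriteLine(BuildDeleteSql("ImportStaging"));

        // Constructed inputs that are not on the allowlist and must be refused.
        foreach (var name in new[] { "Users", "ImportStaging] WHERE 1=1 --", "" })
        {
            try { BuildDeleteSql(name); Console.WriteLine("accepted: " + name); }
            catch (ArgumentException) { Console.WriteLine("rejected: " + name); }
        }
    }
}
```

When the set of tables is not known at compile time, the same check can be made against the names the database itself reports (for example `INFORMATION_SCHEMA.TABLES`) with the candidate name passed as a normal parameter.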
    
