I'd say it's your job as consultant to advise the client against this approach.
There's no way to do this without dynamic SQL. You need to account for the security risks, it's more development time often, harder to debug, more prone to errors, etc.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability