I strongly recommend against this approach. It's a security risk and a maintenance nightmare. You wouldn't develop a C# method that could handle customers or products depending on a parameter passed, don't do it to SQL procedures.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability