You parameterize the values passed to the query, not the tables and columns. Those have to be explicitly stated. As Gail said, you can build those statements dynamically, but you better have great syntax checking to ensure you don't hit SQL Injection.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning