Saturday, February 23, 2008

SQL server 2k5......

Recently I was working on a project using C#.NET as the front end and MS SQL Server as the back end. I had the necessity of creating a table dynamically with the name of the user as the table name, i.e. once a user registers, a table is created in his name. For this I tried several methods, like assigning the username to a variable and passing it as a parameter for the table name, and passing the username directly as a parameter. But none worked out. Still, I searched for it over the net. Couldn't find any solutions.
I got vexed and was still searching. One day I had a chance to meet a programmer who works on SQL Server. I put forth this question to him, and he replied saying that there is a possibility of creating a table dynamically as per my requirement, but this is not preferred. He requested me not to try this because there is a possibility of a code injection attack, i.e. if a user enters some code or enters an improper name in the place for text, which accepts all forms because it is a string datatype, then the table name would be the same, which is not a good programming practice (gpp). And the security of the data is also poor, as once you know the username it's easy to hack the table and its data.
So, if anyone has the same idea, just chuck it....
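
The advice above, as an added T-SQL example that is not from the original post: a table name is an identifier and cannot be bound as a query parameter, so the statement has to be assembled as text, which is where injection enters. The procedure, table and column names are hypothetical; the block shows an allow-list check plus `QUOTENAME` for the dynamic case, then the shared-table design where the user name stays data.

```sql
-- Added example (T-SQL, SQL Server 2005 syntax); every object name is hypothetical.
CREATE PROCEDURE dbo.CreateUserTable
    @UserName sysname              -- value received from the registration form
AS
BEGIN
    SET NOCOUNT ON;

    -- Allow-list before the name gets near any SQL text: ASCII letters, digits
    -- and underscore only, starting with a letter, at most 100 characters.
    -- The binary collation keeps the ranges to plain code points.
    IF @UserName IS NULL
       OR LEN(@UserName) NOT BETWEEN 1 AND 100
       OR @UserName LIKE N'%[^A-Za-z0-9_]%' COLLATE Latin1_General_BIN
       OR @UserName NOT LIKE N'[A-Za-z]%' COLLATE Latin1_General_BIN
    BEGIN
        RAISERROR(N'Rejected user name: not usable as a table name.', 16, 1);
        RETURN;
    END

    -- QUOTENAME wraps the name in [ ] and doubles any ] inside it, so the
    -- whole value is read as one identifier even if the check above is loosened.
    DECLARE @sql nvarchar(max);
    SET @sql = N'CREATE TABLE dbo.' + QUOTENAME(N'user_' + @UserName)
             + N' (id int IDENTITY(1,1) PRIMARY KEY, note nvarchar(200));';
    EXEC sys.sp_executesql @sql;
END
GO

-- Constructed inputs: a plain name, and a hostile one the allow-list is there to stop.
EXEC dbo.CreateUserTable @UserName = N'alice';
EXEC dbo.CreateUserTable @UserName = N'bob] (id int); SELECT 1; --';
GO

-- Design that needs no dynamic SQL: one shared table, the user name is only data.
CREATE TABLE dbo.UserNotes (
    id        int IDENTITY(1,1) PRIMARY KEY,
    user_name nvarchar(128) NOT NULL,
    note      nvarchar(200) NOT NULL
);
GO
DECLARE @u nvarchar(128);
SET @u = N'alice';
EXEC sys.sp_executesql
     N'SELECT id, note FROM dbo.UserNotes WHERE user_name = @name;',
     N'@name nvarchar(128)',
     @name = @u;
```

With the shared table, the application account also needs no `CREATE TABLE` permission at all.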
