1 year ago
#261575
user584018
How to prepare a SQL query to prevent a "Non-constant SQL" error
In the SQL query construction below I am sending the table name and connection string at run time, which makes me prepare the query like this in C#:
    // The table name is interpolated straight into the DDL text.
    using (var cmd = new NpgsqlCommand($@"CREATE TABLE IF NOT EXISTS {table} (
        Name VARCHAR(250));", connection))
    {
        await cmd.ExecuteNonQueryAsync();
    }
In a static code analysis scan this is reported as a "Non-constant SQL" error, and below is the suggestion:
    Use one of the following methods:
    Use a query-preparation API to safely construct the SQL query containing user-supplied values.
    Only concatenate a user-supplied value into a query if it has been checked against a whitelist of safe string values, or if it must be a Boolean or numeric type.
What does this mean, and how do I prepare such a SQL query in C#?
c#
static-code-analysis
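The analyzer is pointing at a real limitation: a table name is an identifier, and database drivers (Npgsql included) can only bind values, not identifiers, as parameters. So the "query-preparation API" advice applies to the column values, while the table name can only be made safe by checking it against an allow-list of names the application knows, and then quoting it correctly as a defence-in-depth measure. The following is an added example written for this page, not code from the question or from Npgsql. The table names in the allow-list, the `SafeDdl` class and its method names are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Npgsql;

// Added example: build DDL/DML for a run-time table name without string injection.
public static class SafeDdl
{
    // Assumption: the set of tables this application is allowed to create is known
    // up front. Anything not in this set is rejected before it reaches SQL text.
    private static readonly HashSet<string> AllowedTables =
        new(StringComparer.Ordinal) { "customers", "orders", "audit_log" };

    // Shape check as a second line of defence: lowercase letters, digits and
    // underscore, not starting with a digit, within PostgreSQL's 63-byte limit.
    private static readonly Regex IdentifierShape =
        new(@"^[a-z_][a-z0-9_]{0,62}$", RegexOptions.Compiled);

    // Returns the table name only if it is on the allow-list, otherwise throws.
    public static string RequireAllowedTable(string table)
    {
        if (table is null) throw new ArgumentNullException(nameof(table));
        if (!AllowedTables.Contains(table))
            throw new ArgumentException($"Table '{table}' is not on the allow-list.", nameof(table));
        return table;
    }

    // PostgreSQL identifier quoting: wrap in double quotes, double any embedded quote.
    // Quoting alone is not a substitute for the allow-list; it stops a name that slipped
    // through from terminating the identifier and continuing with more SQL.
    public static string QuoteIdentifier(string identifier)
    {
        if (!IdentifierShape.IsMatch(identifier))
            throw new ArgumentException("Identifier has an unexpected shape.", nameof(identifier));
        return "\"" + identifier.Replace("\"", "\"\"") + "\"";
    }

    // Same statement as in the question, with the table name validated and quoted.
    public static async Task CreateTableAsync(NpgsqlConnection connection, string table)
    {
        var quoted = QuoteIdentifier(RequireAllowedTable(table));

        var sql = $@"CREATE TABLE IF NOT EXISTS {quoted} (
            Name VARCHAR(250));";

        await using var cmd = new NpgsqlCommand(sql, connection);
        await cmd.ExecuteNonQueryAsync();
    }

    // Column values, unlike identifiers, go through a bound parameter: this is the
    // "query-preparation API" the analyzer refers to.
    public static async Task InsertNameAsync(NpgsqlConnection connection, string table, string name)
    {
        var quoted = QuoteIdentifier(RequireAllowedTable(table));

        await using var cmd = new NpgsqlCommand(
            $"INSERT INTO {quoted} (Name) VALUES (@name)", connection);
        cmd.Parameters.AddWithValue("name", name);
        await cmd.ExecuteNonQueryAsync();
    }
}
```

Call `SafeDdl.CreateTableAsync(connection, "orders")` where the question's snippet used `{table}`; a name such as `orders"; DROP TABLE customers; --` is rejected by `RequireAllowedTable` before any SQL is built, and even a name that matched the allow-list is emitted quoted. Npgsql's `NpgsqlCommandBuilder` also provides a `QuoteIdentifier` method if you prefer not to maintain your own. Whether the scanner stops flagging the interpolation depends on whether it recognises the allow-list check as a sanitizer; if it does not, the accepted pattern is to select a constant SQL string from a dictionary keyed by the validated name, so the text handed to `NpgsqlCommand` is itself a literal.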
0 Answers