Head.SmackOnTable();

Seriously. If I see ANYONE under my employment writing code like this, without a VERY GOOD REASON, I will look at getting rid of you for gross negligance, and possibly criminal acts, under the geneva convention.

    public static DataTable GetAll(String where)
    {

        // get a configured DbCommand object
        DbCommand comm = GenericDataAccess.CreateCommand();

        //define command type
        comm.CommandType = CommandType.StoredProcedure;

        // set the stored procedure name
        comm.CommandText = "GetAll";

        //Create new parameter
        DbParameter param = comm.CreateParameter();
        param.ParameterName = "@tableName";
        param.Value = _tableName;
        param.DbType = DbType.String;
        //Add param to command object
        comm.Parameters.Add(param);

        //Create new parameter
        param = comm.CreateParameter();
        param.ParameterName = "@where";
        param.Value = where;
        param.DbType = DbType.String;
        //Add param to command object
        comm.Parameters.Add(param);

        DataTable dt = new DataTable();
        dt = GenericDataAccess.ExecuteSelectCommand(comm);

        return dt;

    }

If your WHAT THE FUCK meter isnt going off already, wait till you see GetAll:

ALTER PROCEDURE [dbo].[GetAll]
	@tableName VARCHAR(50),
	@allRecords BIT = NULL,
	@where NVARCHAR(1024) = NULL
AS
BEGIN
	SET NOCOUNT ON;

	DECLARE @sql VARCHAR(200)

	IF @where IS NULL
	BEGIN
		-- Insert statements for procedure here
		IF @allRecords = 1
		BEGIN
			SET @sql = 'SELECT * FROM ' + @tableName
		END
		ELSE
		BEGIN
			SET @sql = 'SELECT * FROM ' + @tableName + ' WHERE disable = 0'
		END
	END
	ELSE
	BEGIN
		SET @sql = 'SELECT * FROM ' + @tableName + ' ' + @where
	END

	EXEC (@sql)
END

Seriously. DEAR GOD. HOW THE HELL DID YOU GET A JOB?