When you "talk" to SQL, you talk in text messages: and a CREATE TABLE statement is a single such message - what you do in your loop is try to create a whole table for each element in it!
First you issue a command:
If not exists (select name from sysobjects where name = 'Customer') CREATE TABLE Customer(COLUMN1 INT)
Then you do it again for the next row:
If not exists (select name from sysobjects where name = 'Customer') CREATE TABLE Customer(COLUMN2 NVARCHAR(MAX))
And so on.
Regardless of if the table exists before the loop, it will definitely exist for the second row!
What you need to do is something along the lines of:
1) Preset string to "CREATE TABLE Customer ("
2) Preset Separator to blank
3) For each row, add to string the Separator and "[<ColumnName>] <ColumnType>"
4) Set Separator to comma
5) Repeat 3 for all rows
6) Add to string ")"
7) Execute command.
I'd suggest using a StringBuilder for this, or building a List of the name and type pair strings and using string.Join to combine them afterwards
But...You are going to need to be damn careful.
By the very nature of this code, it is wide open to SQL Injection - and particularly for a web based product that is very, very dangerous.
You need to care extreme care to check your inputs to make sure they cannot contain any odd SQL which can sabotage other tables or databases.
And the whole idea of a fixed name table on a web based table creator is going to give you real problems in production!