QUOTENAME

QUOTENAME is a SQL Server function that returns a Unicode string with delimiters added to make the input string a valid SQL Server delimited identifier. Used on identifiers that are concatenated into dynamic SQL, it helps prevent SQL injection by wrapping the given string in square brackets, which are the default delimiters, and doubling any closing bracket inside the string.

QUOTENAME ( 'character_string' [ , 'quote_character' ] )

  • 'character_string': The string to be quoted. It is a string literal, binary literal, or variable of either string or binary data. The value must be explicitly or implicitly convertible to a string data type.
  • 'quote_character': An optional parameter. When specified, it provides the character used to quote the character_string. The quote_character must be a single-character string. If it is not specified, brackets are used. If a character other than a right bracket (]), double quotation mark ("), or single quotation mark (') is specified, QUOTENAME returns NULL.

Example

SELECT QUOTENAME('CS/IT');

Output

'[CS/IT]'

Explanation

QUOTENAME() is a built-in SQL Server function that encloses an identifier in delimiters; here it surrounds the string 'CS/IT' with square brackets. This is convenient when working with object identifiers that contain non-alphanumeric characters.
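
The injection-prevention role described above, as an added example that is not part of the original page: a table name arriving as input is placed into dynamic SQL first with hand-built brackets and then with QUOTENAME. The variable names, the table name and the hostile input are constructed for illustration.

```sql
-- Added example (not from the original page); all names and values are constructed.
SET NOCOUNT ON;

-- Constructed hostile input: a "table name" that contains a closing bracket.
DECLARE @table sysname = N'Orders] ; PRINT ''injected'' --';

-- Weak: brackets concatenated by hand. The embedded ] ends the identifier
-- early, so everything after it would be parsed as a separate statement.
DECLARE @weak nvarchar(max) =
    N'SELECT COUNT(*) FROM [' + @table + N'];';

-- Hardened: QUOTENAME adds the brackets and doubles the embedded ],
-- so the entire input remains a single delimited identifier.
DECLARE @quoted nvarchar(258) = QUOTENAME(@table);
DECLARE @safe nvarchar(max) =
    N'SELECT COUNT(*) FROM ' + @quoted + N';';

-- Compare the two generated statements without running them.
--   weak_sql: SELECT COUNT(*) FROM [Orders] ; PRINT 'injected' --];
--   safe_sql: SELECT COUNT(*) FROM [Orders]] ; PRINT 'injected' --];
SELECT @weak AS weak_sql, @safe AS safe_sql;

-- Defence in depth: only execute when the quoted name resolves to an
-- existing user table. OBJECT_ID returns NULL for unknown names.
IF OBJECT_ID(@quoted, N'U') IS NULL
    PRINT N'Rejected: input does not name an existing user table.';
ELSE
    EXEC sys.sp_executesql @safe;
```

QUOTENAME protects identifiers only; values such as search terms or IDs should be passed to sp_executesql as parameters rather than quoted and concatenated.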
