QUOTENAME
QUOTENAME is a SQL Server function that returns a Unicode string with delimiters added to make the input string a valid SQL Server delimited identifier. It helps prevent SQL injection when identifiers are concatenated into dynamic SQL: it wraps the given string in square brackets, which are the default delimiters, and doubles any closing delimiter inside the string so the value cannot end the identifier early.
QUOTENAME( 'character_string' [ , 'quote_character' ] )
- 'character_string': The string to be quoted. It is a string literal, binary literal, or variable of either string or binary data. Its data type must be explicitly or implicitly convertible to a string.
- 'quote_character': An optional parameter. When specified, it provides the character used to quote the character_string. The quote_character must be a single-character string. If it is not specified, brackets are used. If a character other than a right bracket (]), double quotation mark ("), or single quotation mark (') is specified, QUOTENAME returns NULL.
Example
Output
Explanation
QUOTENAME() is a built-in SQL Server function that encloses an identifier in delimiters; here it surrounds the string 'CS/IT' with square brackets. This is convenient when object identifiers contain non-alphanumeric characters.
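The following T-SQL is an added example, not code from the original page. It shows why hand-written brackets are not a substitute for QUOTENAME in dynamic SQL, and how to handle its NULL result. The hostile value and the table name CS/IT used as a table are constructed for illustration, and the sys.tables lookup ignores schema for brevity.

```sql
-- Added example: identifiers and values below are constructed for illustration.
DECLARE @name sysname = N'CS/IT] ; SELECT ''injected'' AS note; --';

-- Weak: hand-written brackets. The ] inside @name closes the identifier
-- early, so the remainder is parsed as a separate statement.
DECLARE @weak nvarchar(max) = N'SELECT COUNT(*) FROM [' + @name + N'];';
PRINT @weak;

-- Corrected: QUOTENAME doubles the embedded ] so the whole value remains
-- a single delimited identifier.
DECLARE @safe nvarchar(max) = N'SELECT COUNT(*) FROM ' + QUOTENAME(@name) + N';';
PRINT @safe;

-- QUOTENAME returns NULL for input longer than 128 characters, and by
-- default NULL + string is NULL, so check the result before executing.
DECLARE @long nvarchar(200) = REPLICATE(N'a', 129);
DECLARE @quoted nvarchar(258) = QUOTENAME(@long);
IF @quoted IS NULL
    PRINT 'Rejected: name is too long to be quoted';

-- Pattern: confirm the name is a real table, quote it, then execute.
DECLARE @table sysname = N'CS/IT';   -- hypothetical table name
IF EXISTS (SELECT 1 FROM sys.tables WHERE name = @table)
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT COUNT(*) FROM ' + QUOTENAME(@table) + N';';
    EXEC sys.sp_executesql @sql;
END
ELSE
    PRINT 'Rejected: no such table';
```

QUOTENAME only protects identifiers; data values in the same statement should still be passed as sp_executesql parameters rather than concatenated.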