SQL Server Quotename Articles
Using QUOTENAME() to Protect Against SQLInjection
QUOTENAME is function which has been available since SQL Server 2005. This function returns a Unicode string with the delimiters added to make the input string a valid SQL Server delimited identifier, such as in the below example The output for this query is as below: String Default_QuoteName QuoteName_WithQuote Long_String SQL Server [SQL Server] […]