SQL Language

Quoting the Input String with the Specified Character

While focusing injection related issue, I happen to look into the function QuoteName method in SQL Server. It's used to Enclose or Quote a string with the specified character string. Consider the below query, am asking SQL Server to enclose the string with [ ] (Bracket)

SELECT QUOTENAME('abc  [   ] def','[]')

The output is,

[abc  [   ]] def]

This function is really useful to enclose the string with the specified literal and avoid SQL Injection issues while passing the parameter. 
Ebook Download
View all
Learn
View all
Get Started

You need to be a premium member to use this feature. To access it, you'll have to upgrade your membership.

Become a sharper developer and jumpstart your career.

Basic

$0

$

. 00

monthly

For Basic members:

  • Standard Profile
  • Access learning courses
  • Access free e-books
  • 1x point
Premium

$20

$

. 00

monthly

For Premium members:

  • Earn 2x reward points
  • Premium profile with Verified check
  • Premium Avatar with status update
  • Learning courses
  • Unlimited Certifications and badges on profile
  • Unlimited Book downloads
  • Access to Premium content
  • Online Training
  • Unlimited PDF conversions and downloads
  • Professional Resume Writing
  • Interview Preparations Guide
  • 25 messages per month
  • 1 "Kodzu" avatar, basic
Elite

$45

$

. 00

monthly

For Elite members:

  • Bundle E-books
  • Access to all Learn Series
  • Unlimited Apply Jobs