Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Quotename in SQL

Quotename() is a SQL Server String function.

It accepts an input string of of up to 128 characters. Which is a limitation , although you could easily create a workaround with a UDF

Returns a Unicode string  of a valid delimited identifier.

 Why would you use Quotename()?

  1)   Reviewing for SQL Injection Attacks

 2)    Dynamic statements  for object management , such as ALTER SCHEMA

 3)    Tokens in T-SQL job step scripts

 4)   Quote object name



select quotename('') -- []

select quotename('SQL [Server] DBA') -- [SQL [Server]] DBA]

select quotename('', '''') -- ''

select quotename('', '"') -- ""

select quotename('''s DBA', '''') -- '''s DBA'

select quotename('', '|') -- NULL

Author: Jack Vamvas (


Posted by Anonymous on 19 November 2011

Pingback from  Quotename in SQL | SQL Server | Syngu

Leave a Comment

Please register or log in to leave a comment.