Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Quotename in SQL

Quotename() is a SQL Server String function.

It accepts an input string of of up to 128 characters. Which is a limitation , although you could easily create a workaround with a UDF

Returns a Unicode string  of a valid delimited identifier.

 Why would you use Quotename()?

  1)   Reviewing for SQL Injection Attacks

 2)    Dynamic statements  for object management , such as ALTER SCHEMA

 3)    Tokens in T-SQL job step scripts

 4)   Quote object name

Examples

 

select quotename('sqlserver-dba.com') -- [sqlserver-dba.com]

select quotename('SQL [Server] DBA') -- [SQL [Server]] DBA]

select quotename('sqlserver-dba.com', '''') -- 'sqlserver-dba.com'

select quotename('sqlserver-dba.com', '"') -- "sqlserver-dba.com"

select quotename('sqlserver-dba.com''s DBA', '''') -- 'sqlserver-dba.com''s DBA'

select quotename('sqlserver-dba.com', '|') -- NULL

Author: Jack Vamvas (http://www.sqlserver-dba.com)

Comments

Posted by Anonymous on 19 November 2011

Pingback from  Quotename in SQL | SQL Server | Syngu

Leave a Comment

Please register or log in to leave a comment.