Much appreciated, Ive read from somewhere if I use QUOTENAME(@FieldName,'''') with 4 single quotations, it makes stored procedure bullet proof from sql injection, but Im still in doubt if its adequate.
According to documentations QUOTENAME('Syntax-Example','''') produce 'Syntax-Example' out put.
But documentation didnt described how QUOTENAME('Syntax-Example','''') produce 'Syntax-Example' out put.
Is there any logic behind this? Or its just a rule?
___________________________________
Computer Enterprise Masoud Keshavarz
I don't care about hell.
If I go there I've played enough Diablo to know how to fight my way out.