Great article on QUOTENAME, Thom, especially with the considerations given for SQL Injection, which is still rampant in the industry.
Andy also brings up a great point. A lot of people fail to read the documentation and don't realize that "character string" input operand is of the SYSNAME datatype and, even if they do, they don't realize that the SYSNAME datatype is actually an alias for "just" NVARCHAR(128). That means that not only do you have to be concerned with the length of the "character string", you also have to make the realization that it could be the cause of implicit conversions that would force scans rather than seeks if QUOTENAME were used to precondition criteria in a JOIN or WHERE clause.
Cool undocumented info for parenthesis and braces. Didn't know that and it prompted the following test. Turns out that there are several other useful characters that can also be used.
SELECT TheCharacter = CHAR(N)
,TestResult = QUOTENAME('Test',CHAR(N))
WHERE N <= 255
WHERE TestResult > ''
Here are the results from that snippet...
The unfortunate part of that is that, once again, MS failed to provide complete documentation for something that could be incredibly useful just based on what their perception of what is "useful" might actually be. :sick: Either that or the people writing the documentation just don't know what the capabilities actually are.