Quoting the input string with the specified character

Submit Blog |

Blogs Home |

While focusing injection related issue, I happen to look into the function QuoteName method in SQL Server. It's used to Enclose or Quote a string with the specified character string.

Consider the below query, am asking SQL Server to enclose the string with [ ] (Bracket)

SELECT QUOTENAME('abc [ ] def','[]')

The output is,

[abc [ ]] def]

This function is really useful to enclose the string with the specified literal and avoid SQL Injection issues while passing the parameter.

Cheers,
Venkatesan Prabu .J
www.kaashivinfotech.com

Cheers,
Venkatesan Prabu .J
Head, KaaShiv InfoTech
http://kaashivinfotech.com/Ebooks.aspx

Found interesting? Add this to:

| More | Bookmark It

More Blogs from Jvprabhusanthi

More ...

About Venkatesan Jayakantham

Experience:	9 year(s)
Home page:	http://www.dotnetfunda.com
Member since:	Tuesday, May 01, 2012
Level:	Starter
Status:	[Member]
Biography:

>> Write Response - Respond to this post and get points

More Blogs
	Read text file line by line in C# Auto Scroll option in List box Enabling delay process in c# Copying the code from pdf 404 Errors after clicking Wordpress links Issue with DatetimePicker data Analysis Services version '10.50.1600.1' Get Recent records from the table Time dimesions in SSAS Submit Blog \| More ...