Use QUOTENAME( )… [or else!]

by Larry Leonard

Lately, I seem to be reading a lot of "bracket-slapping" code:

SET @Sql = 'ALTER INDEX [' 
         + @IndexName  + '] ON [' 
         + @DBName     + '].[' 
         + @SchemaName + '].['
         + @ObjectName + '] REORGANIZE '

This is much easier to read (and easier to type!) than using the QUOTENAME() function:

SET @Sql = 'ALTER INDEX ' 
         + QUOTENAME(@IndexName)  + ' ON ' 
         + QUOTENAME(@DBName)     + '.' 
         + QUOTENAME(@SchemaName) + '.'
         + QUOTENAME(@ObjectName) + ' REORGANIZE '

BOL says that QUOTENAME() "[r]eturns a Unicode string with the delimiters added to make the input string a valid Microsoft SQL Server delimited identifier." So these two code snippets are pretty much interchangable, right?

But QUOTENAME() would be pretty lame if all it did was slap brackets around a string, wouldn't it? Fortunately (or unfortunately, if you've got a lot of "bracket-slapping" code laying around) it does more: it "escapes" embedded bracket characters. For example, let's take the table name 'Sales YTD [2009]', and try to create it.

-- Demonstrate that QUOTENAME() is safer than bracket-slapping.
DECLARE @Sql      NVARCHAR(4000) = ''
DECLARE @TableOne sysname        = 'Sales YTD [2009]'

-- Expected to fail: table name has spaces, brackets.
SET @Sql = 'CREATE TABLE '  + @TableOne            + ' (x INT)'
PRINT '(1)  ' + @Sql
EXEC sp_executesql @Sql
PRINT ' '

-- Expected to fail: bracket-slapping doesn't handle brackets.
SET @Sql = 'CREATE TABLE [' + @TableOne            + '] (x INT)'
PRINT '(2)  ' + @Sql
EXEC sp_executesql @Sql
PRINT ' '

-- Expected to succeed.
SET @Sql = 'CREATE TABLE '  + QUOTENAME(@TableOne) + ' (x INT) '
         + CHAR(10) + '     '
         + 'DROP   TABLE '  + QUOTENAME(@TableOne)
PRINT '(3)  ' + @Sql
EXEC sp_executesql @Sql
PRINT ' '

The first attempt uses the name with no "decoration"; it's not a legal identifier name, and so will fail.  The second attempt uses "bracket-slapping"; the brackets in the table's name will cause this to fail. The third, and correct, method uses QUOTENAME(). Running the code above results in this output:



(1)  CREATE TABLE Sales YTD [2009] (x INT)
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near 'YTD'.
 
(2)  CREATE TABLE [Sales YTD [2009]] (x INT)
Msg 105, Level 15, State 1, Line 1
Unclosed quotation mark after the character string 'Sales YTD [2009] (x INT)'.
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near 'Sales YTD [2009] (x INT)'.
 
(3)  CREATE TABLE [Sales YTD [2009]]] (x INT) 
     DROP   TABLE [Sales YTD [2009]]]




Moral of the story: always use QUOTENAME() - unless you enjoy bug hunts!

  


								
				

					
Related Posts
    
		
  1. 
		Watchout when using QUOTENAME()
		  As a best practise, one should wrap the object...
	
    2. 
		
  2. 
		Watchout when using QUOTENAME()
		  As a best practise, one should wrap the object...
	
    3. 
		
  3. 
		When setting up a new Windows Cluster test failover before releasing to production
		 When you build a new Microsoft Cluster Server cluster...
	
    4. 
		
  4. 
		How can I load image data into a SQL Server image datatype?
		There are a number of articles (like this one) explaining...
	
    5. 
		
  5. 
		Change Default Schema for all users
		 Recently ran into an issue where the default schema...
	
    6. 
	
					
	
						
About This Post

						
    
							
  • Feb 5, 2010 at 1:22 am Date post was published
    • 
							
  • SQL Server Bloggers Categories in which post is filed
    • 
														
  • No responses allowed, sorry.  Email us! Join the discussion!
    • 
														
  • RSS feed of comments Follow the discussion
    • 
						
				
						




    
	
  • Digg
    • 
	
  • del.icio.us
    • 
	
  • DZone
    • 
	
  • DotNetKicks
    • 
	
  • Google Bookmarks
    • 
	
  • Ping.fm
    • 
	
  • Reddit
    • 
	
  • StumbleUpon
    • 
	
  • TwitThis
    • 




						Share this post with friends