Quotename() is a SQL Server String function.

It accepts an input string of of up to 128 characters. Which is a limitation , although you could easily create a workaround with a UDF

Returns a Unicode string  of a valid delimited identifier.

 Why would you use Quotename()?

  1)   Reviewing for SQL Injection Attacks

 2)    Dynamic statements  for object management , such as ALTER SCHEMA

 3)    Tokens in T-SQL job step scripts

 4)   Quote object name

Examples

select quotename('sqlserver-dba.com') -- [sqlserver-dba.com]
select quotename('SQL [Server] DBA') -- [SQL [Server]] DBA]
select quotename('sqlserver-dba.com', '''') -- 'sqlserver-dba.com'
select quotename('sqlserver-dba.com', '"') -- "sqlserver-dba.com"
select quotename('sqlserver-dba.com''s DBA', '''') -- 'sqlserver-dba.com''s DBA'
select quotename('sqlserver-dba.com', '|') -- NULL

Author: Jack Vamvas (http://www.sqlserver-dba.com)