set ANSI_NULLS ONset QUOTED_IDENTIFIER ONgoALTER FUNCTION [dbo].[fnSafeDynamicString]-- make string parameters safe for use in dynamic strings (@chvInput varchar(8000), @bitLikeSafe bit = 0) -- set to 1 if string will be used in LIKERETURNS varchar(8000)ASBEGIN declare @chvOutput varchar(8000) -- replace single quote set @chvOutput = Replace(@chvInput, char(39), char(39) + char(39)) if @bitLikeSafe = 1 begin -- convert square bracket set @chvOutput = Replace(@chvOutput, '[', '[[]') -- convert wild cards set @chvOutput = Replace(@chvOutput, '%', '[%]') set @chvOutput = Replace(@chvOutput, '_', '[_]') endRETURN (@chvOutput)END