-- QUOTED_IDENTIFIER is captured when the function is created or altered, so it
-- is set in its own batch before the ALTER FUNCTION batch below. With it ON,
-- double quotes delimit identifiers and only single quotes delimit strings.
SET QUOTED_IDENTIFIER ON
GO
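ALTER FUNCTION [dbo].[fnSafeDynamicString]
-- Make a string value safe to embed inside a single-quoted literal of a
-- dynamically built T-SQL statement.
--
-- @chvInput     value to escape; NULL yields NULL.
-- @bitLikeSafe  set to 1 if string will be used in LIKE: the LIKE
--               metacharacters [, % and _ are then also wrapped in brackets
--               so that they match literally.
--
-- Returns the escaped string, or NULL when the escaped form would not fit in
-- varchar(8000). Escaping makes the value longer, and a silently truncated
-- result can end in the first half of a doubled quote, which leaves the
-- caller's literal unbalanced; returning NULL fails closed instead. Callers
-- should treat a NULL result for a non-NULL input as "reject the input".
--
-- Scope: this protects only a value placed between single quotes. It does not
-- make identifiers (table or column names) or unquoted numeric positions safe;
-- use QUOTENAME for identifiers, and prefer sp_executesql with parameters
-- over string concatenation wherever the statement shape allows it.
(@chvInput varchar(8000),
@bitLikeSafe bit = 0) -- set to 1 if string will be used in LIKE
RETURNS varchar(8000)
AS
BEGIN
    declare @chvOutput varchar(8000)
    declare @intGrowth int

    -- each single quote is doubled, so it adds one byte to the result
    set @intGrowth = DataLength(@chvInput)
                   - DataLength(Replace(@chvInput, char(39), ''))

    if @bitLikeSafe = 1
    begin
        -- each LIKE metacharacter becomes three characters, adding two bytes
        set @intGrowth = @intGrowth
            + 2 * (DataLength(@chvInput) - DataLength(Replace(@chvInput, '[', '')))
            + 2 * (DataLength(@chvInput) - DataLength(Replace(@chvInput, '%', '')))
            + 2 * (DataLength(@chvInput) - DataLength(Replace(@chvInput, '_', '')))
    end

    if DataLength(@chvInput) + @intGrowth > 8000
    begin
        -- escaped form would be truncated: refuse rather than return a
        -- partially escaped string
        set @chvOutput = NULL
    end
    else
    begin
        -- replace single quote
        set @chvOutput = Replace(@chvInput, char(39), char(39) + char(39))

        if @bitLikeSafe = 1
        begin
            -- convert square bracket first, so the brackets introduced by
            -- the wildcard replacements below are not escaped a second time
            set @chvOutput = Replace(@chvOutput, '[', '[[]')
            -- convert wild cards
            set @chvOutput = Replace(@chvOutput, '%', '[%]')
            set @chvOutput = Replace(@chvOutput, '_', '[_]')
        end
    end

    RETURN (@chvOutput)
END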