Quoting the Input String with the Specified Character

While focusing injection related issue, I happen to look into the function QuoteName method in SQL Server. It's used to Enclose or Quote a string with the specified character string. Consider the below query, am asking SQL Server to enclose the string with [ ] (Bracket)

SELECT QUOTENAME('abc  [   ] def','[]')

The output is,

[abc  [   ]] def]

This function is really useful to enclose the string with the specified literal and avoid SQL Injection issues while passing the parameter.