Validate MSSQL identifier (parameter) in .NET or regular expression

In a .NET project I need to verify if a string is a valid Microsoft SQL Server 2005 parameter identifier.

Example: SELECT * FROM table WHERE column = @parameter

Is there a runtime class method to validate a string for being a parameter, or is there a regular expression that verifies the rules? (see below)

From the documentation on identifiers, parameters should comply to these general identifier rules:

  1. The first character must be one of the following: * A letter as defined
    by the Unicode Standard 3.2. The
    Unicode definition of letters includes
    Latin characters from a through z,
    from A through Z, and also letter
    characters from other languages. *
    The underscore (_), at sign (@), or
    number sign (#).
    Certain symbols
    at the beginning of an identifier have
    special meaning in SQL Server. A
    regular identifier that starts with
    the at sign always denotes a local
    variable or parameter and cannot be
    used as the name of any other type of
    object. An identifier that starts with
    a number sign denotes a temporary
    table or procedure. An identifier that
    starts with double number signs (##)
    denotes a global temporary object.
    Although the number sign or double
    number sign characters can be used to
    begin the names of other types of
    objects, we do not recommend this
    practice. Some Transact-SQL functions
    have names that start with double at
    signs (@@). To avoid confusion with
    these functions, you should not use
    names that start with @@.
  2. Subsequent characters can include the following: * Letters as defined
    in the Unicode Standard 3.2. *
    Decimal numbers from either Basic
    Latin or other national scripts. *
    The at sign, dollar sign ($), number
    sign, or underscore.
  3. The identifier must not be a Transact-SQL reserved word. SQL Server
    reserves both the uppercase and
    lowercase versions of reserved words.
  4. Embedded spaces or special characters are not allowed.
  5. Supplementary characters are not allowed.

When identifiers are used in
Transact-SQL statements, the
identifiers that do not comply with
these rules must be delimited by
double quotation marks or brackets.

Since I want to validate parameters only, identifiers must start with an @ sign, and must not be delimited.

3 thoughts on “Validate MSSQL identifier (parameter) in .NET or regular expression

  1. user

    I found this article about creating a function for evaluating regular expressions on TSQL, internally uses VBScript, check it out here

    Another link you can find useful, but i think it needs registration, here

    Another idea could be handle @parameter as a sysname datatype, don’t know if it fits here

  2. user

    I was stumbling over the Unicode character classes, but once I found out that they are supported in .NET regular expressions, I came up with the following regular expression solving my question:


    This enforces:

    • Identifier always starts with @, making it a parameter.
    • No @ in the second position allowed to avoid confusion with special TSQL functions.
    • Allows only characters as defined in the rules.

Leave a Reply

Your email address will not be published.