Correct escaping of delimited identifiers in SQL Server without using QUOTENAME

Backend | Unresolved | 2 answers | 1273 views

滥情空心 2021-01-02 05:34

Is there anything else that the code must do to sanitize identifiers (table, view, column) other than to wrap them in double quotation marks and "double up" double

2 answers

执念已碎 2021-01-02 06:23

Can you not just use [ and ] delimiters instead of quotes (single or double)?

Identifiers should never really contain any quotes (unless you're more unlucky than now), so you remove the normal use factor of quotes in names etc.

Edit:

But if the calls to the ORM are already parameterised, you don't need to worry about it, no? Using [ and ] removes the need for complex escaping in C# strings.

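The two delimiter styles discussed in the question and the answer, as an added example that is not code from either poster: a Python reimplementation of the escaping rule for each style (double `]` inside brackets, double `"` inside double quotes, as QUOTENAME does), plus the catalog check a practitioner would want in front of it. The function names, the 128-character limit handling and the `KNOWN_COLUMNS` set are assumptions constructed for this example.

```python
# Added example, not from the question or the answer. Reimplements the escaping
# that SQL Server's QUOTENAME applies so the rule is visible, then shows that
# escaping alone does not prove a requested name is a real column.
# Assumed names: quote_bracket, quote_double, qualify, choose_column.

SYSNAME_MAX = 128  # identifiers are sysname = nvarchar(128); QUOTENAME returns NULL past that


def _check(name: str) -> None:
    # Mirror QUOTENAME's refusal of over-long input, but fail loudly instead of NULL.
    if not name or len(name) > SYSNAME_MAX:
        raise ValueError(f"identifier must be 1..{SYSNAME_MAX} characters: {name!r}")


def quote_bracket(name: str) -> str:
    """[ ] delimiters, as QUOTENAME(name). Only ']' is doubled; '[' is literal inside."""
    _check(name)
    return "[" + name.replace("]", "]]") + "]"


def quote_double(name: str) -> str:
    """Double-quote delimiters, as QUOTENAME(name, '"'). Needs SET QUOTED_IDENTIFIER ON."""
    _check(name)
    return '"' + name.replace('"', '""') + '"'


def qualify(*parts: str) -> str:
    """Build schema.object or object.column with every part delimited separately."""
    return ".".join(quote_bracket(p) for p in parts)


# Constructed stand-in for what SELECT name FROM sys.columns WHERE object_id = ... returns.
KNOWN_COLUMNS = {"OrderID", "Order Date", "Weird]Name"}


def choose_column(requested: str) -> str:
    """Escaping makes a name safe to delimit; it does not make it a real column.
    Check the request against the catalog first, then delimit."""
    if requested not in KNOWN_COLUMNS:
        raise LookupError(f"no such column: {requested!r}")
    return quote_bracket(requested)


if __name__ == "__main__":
    odd = "x] ; DROP TABLE t; --"  # constructed: a name containing the closing delimiter
    print(quote_bracket(odd))  # [x]] ; DROP TABLE t; --]  (one identifier token to T-SQL)
    print(quote_double('say "hi"'))  # "say ""hi"""
    print(qualify("dbo", "Order Details"))  # [dbo].[Order Details]
```

The bracket form works regardless of the QUOTED_IDENTIFIER setting, which is why the answer's suggestion is the usual choice when building dynamic SQL from an application.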