Since QUOTENAME adds the delimiters, the payload will be different, but it's still vulnerable to SQL injection attacks.
Search the Archive