From: Gord Thompson <gord@gordthompson.com>
Date: Thu, 4 Jun 2020 18:38:13 +0000 (-0600)
Subject: Fix connection string escaping for mssql+pyodbc
X-Git-Tag: rel_1_4_0b1~278
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14bc09203a8b5b2bc001f764ad7cce6a184975cc;p=thirdparty%2Fsqlalchemy%2Fsqlalchemy.git

Fix connection string escaping for mssql+pyodbc

Fixes: #5373
Change-Id: Ia41e8f1ef8644c54d23ebfdf3f909c785adf0fb0
---

diff --git a/doc/build/changelog/unreleased_13/5373.rst b/doc/build/changelog/unreleased_13/5373.rst
new file mode 100644
index 0000000000..4396fbde3d
--- /dev/null
+++ b/doc/build/changelog/unreleased_13/5373.rst
@@ -0,0 +1,8 @@
+.. change::
+    :tags: bug, mssql
+    :tickets: 5373
+
+    Fixed issue with assembling the ODBC connection string for the pyodbc
+    DBAPI. Tokens containing semicolons and/or braces "{}" were not being
+    correctly escaped, causing the ODBC driver to misinterpret the
+    connection string attributes.
\ No newline at end of file
diff --git a/lib/sqlalchemy/connectors/pyodbc.py b/lib/sqlalchemy/connectors/pyodbc.py
index df1b2afdbb..57a1c54fb4 100644
--- a/lib/sqlalchemy/connectors/pyodbc.py
+++ b/lib/sqlalchemy/connectors/pyodbc.py
@@ -56,7 +56,7 @@ class PyODBCConnector(Connector):
 
             def check_quote(token):
                 if ";" in str(token):
-                    token = "'%s'" % token
+                    token = "{%s}" % token.replace("}", "}}")
                 return token
 
             keys = dict((k, check_quote(v)) for k, v in keys.items())
diff --git a/test/dialect/mssql/test_engine.py b/test/dialect/mssql/test_engine.py
index 734224ed1b..2209414890 100644
--- a/test/dialect/mssql/test_engine.py
+++ b/test/dialect/mssql/test_engine.py
@@ -210,7 +210,7 @@ class ParseConnectTest(fixtures.TestBase):
 
     def test_pyodbc_token_injection(self):
         token1 = "someuser%3BPORT%3D50001"
-        token2 = "somepw%3BPORT%3D50001"
+        token2 = "some{strange}pw%3BPORT%3D50001"
         token3 = "somehost%3BPORT%3D50001"
         token4 = "somedb%3BPORT%3D50001"
 
@@ -224,8 +224,8 @@ class ParseConnectTest(fixtures.TestBase):
             [
                 [
                     "DRIVER={foob};Server=somehost%3BPORT%3D50001;"
-                    "Database=somedb%3BPORT%3D50001;UID='someuser;PORT=50001';"
-                    "PWD='somepw;PORT=50001'"
+                    "Database=somedb%3BPORT%3D50001;UID={someuser;PORT=50001};"
+                    "PWD={some{strange}}pw;PORT=50001}"
                 ],
                 {},
             ],