From 5d118a09af29eb0b442e9e137579bf8c9c623285 Mon Sep 17 00:00:00 2001
From: Gord Thompson <gord@gordthompson.com>
Date: Thu, 4 Jun 2020 12:38:13 -0600
Subject: [PATCH] Fix connection string escaping for mssql+pyodbc

Fixes: #5373
Change-Id: Ia41e8f1ef8644c54d23ebfdf3f909c785adf0fb0
(cherry picked from commit 14bc09203a8b5b2bc001f764ad7cce6a184975cc)
---
 doc/build/changelog/unreleased_13/5373.rst | 8 ++++++++
 lib/sqlalchemy/connectors/pyodbc.py        | 2 +-
 test/dialect/mssql/test_engine.py          | 6 +++---
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 doc/build/changelog/unreleased_13/5373.rst

diff --git a/doc/build/changelog/unreleased_13/5373.rst b/doc/build/changelog/unreleased_13/5373.rst
new file mode 100644
index 0000000000..4396fbde3d
--- /dev/null
+++ b/doc/build/changelog/unreleased_13/5373.rst
@@ -0,0 +1,8 @@
+.. change::
+    :tags: bug, mssql
+    :tickets: 5373
+
+    Fixed issue with assembling the ODBC connection string for the pyodbc
+    DBAPI. Tokens containing semicolons and/or braces "{}" were not being
+    correctly escaped, causing the ODBC driver to misinterpret the
+    connection string attributes.
\ No newline at end of file
diff --git a/lib/sqlalchemy/connectors/pyodbc.py b/lib/sqlalchemy/connectors/pyodbc.py
index df1b2afdbb..57a1c54fb4 100644
--- a/lib/sqlalchemy/connectors/pyodbc.py
+++ b/lib/sqlalchemy/connectors/pyodbc.py
@@ -56,7 +56,7 @@ class PyODBCConnector(Connector):
 
             def check_quote(token):
                 if ";" in str(token):
-                    token = "'%s'" % token
+                    token = "{%s}" % token.replace("}", "}}")
                 return token
 
             keys = dict((k, check_quote(v)) for k, v in keys.items())
diff --git a/test/dialect/mssql/test_engine.py b/test/dialect/mssql/test_engine.py
index 9bec4cb95e..8f9d8629c0 100644
--- a/test/dialect/mssql/test_engine.py
+++ b/test/dialect/mssql/test_engine.py
@@ -211,7 +211,7 @@ class ParseConnectTest(fixtures.TestBase):
 
     def test_pyodbc_token_injection(self):
         token1 = "someuser%3BPORT%3D50001"
-        token2 = "somepw%3BPORT%3D50001"
+        token2 = "some{strange}pw%3BPORT%3D50001"
         token3 = "somehost%3BPORT%3D50001"
         token4 = "somedb%3BPORT%3D50001"
 
@@ -225,8 +225,8 @@ class ParseConnectTest(fixtures.TestBase):
             [
                 [
                     "DRIVER={foob};Server=somehost%3BPORT%3D50001;"
-                    "Database=somedb%3BPORT%3D50001;UID='someuser;PORT=50001';"
-                    "PWD='somepw;PORT=50001'"
+                    "Database=somedb%3BPORT%3D50001;UID={someuser;PORT=50001};"
+                    "PWD={some{strange}}pw;PORT=50001}"
                 ],
                 {},
             ],
-- 
2.47.2