Hi All,

In my program, the user has the ability to enter a password for himself. And one of the users had problems during this procedure. It turned out that he was entering the password "k\xE08".

GRANT CONNECT TO "user1" IDENTIFIED BY 'k\xE08'

and when this password was stored in the database, it turned into the string "ka8". The reason for this is understandable to me in principle - SAW considers "\xE0" the code of the letter "a".

Question: Is there any way around this transformation?

asked 23 Apr '20, 09:21

Stalker


The password is a SQL string and hence the \xE0 portion is interpreted as an escape sequence. Likely your database charset is windows-1252 in which case character E0 is a-grave.

The question is, what did you want to have happen? If you wanted the password to be literally the six-character sequence k\xE08 then you haven't properly sanitized your inputs and your application is vulnerable to SQL-injection attacks.

To fix it, sanitize your inputs by disallowing problematic characters, properly escaping problematic characters or using a host variable.

answered 23 Apr '20, 09:29

John Smirnios

edited 23 Apr '20, 10:31

Volker Barth
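The "properly escaping" option from the answer above, as an added example that is not part of the original thread or of SQL Anywhere itself. `quote_literal`, `build_grant` and `model_literal_value` are hypothetical names; the decoder is a simplified model that assumes the literal escapes are `''`, `\\`, `\n` and `\xHH`, and a windows-1252 database charset as the answer suggests.

```python
import re

# Assumption: simplified model of the escapes read inside a SQL string literal.
# A lone ' is matched last so an early end of the literal can be detected.
_ESCAPE = re.compile(r"''|\\\\|\\n|\\x([0-9A-Fa-f]{2})|'")


def model_literal_value(body, charset="cp1252"):
    """Return the value stored for the text placed between the two quotes."""
    def repl(match):
        token = match.group(0)
        if token == "'":
            # The literal ended here; the rest would be parsed as SQL.
            raise ValueError("unescaped quote terminates the literal")
        if token == "''":
            return "'"
        if token == "\\\\":
            return "\\"
        if token == "\\n":
            return "\n"
        # \xHH: one byte, decoded in the database charset.
        return bytes([int(match.group(1), 16)]).decode(charset, errors="replace")
    return _ESCAPE.sub(repl, body)


def quote_literal(value):
    """Quote user input so that the server reads it back character for character."""
    if "\x00" in value:
        raise ValueError("NUL is not allowed in a password")
    # Backslashes first, so no escape sequence survives; then the quotes.
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def build_grant(password):
    """Build the statement from the question with an escaped password."""
    return 'GRANT CONNECT TO "user1" IDENTIFIED BY ' + quote_literal(password)


if __name__ == "__main__":
    typed = "k\\xE08"  # constructed input: the six characters k \ x E 0 8
    print("unescaped ->", model_literal_value(typed))
    print("escaped   ->", build_grant(typed))
```

With a host variable the password never passes through literal parsing, so none of this escaping is needed.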

question asked: 23 Apr '20, 09:21

question was seen: 1,788 times

last updated: 23 Apr '20, 10:31