On Mon, 16 Nov 2020 17:26:12 +0000, Frank Swarbrick wrote: >Yes, it "overflowed" a fixed-length field. x'C3A1' in the source file was >treated as two separate "ASCII" characters, x'C3' and x'A1'. Since those >don't exist in the EBCDIC code page I am using they just get converted to two >"nonsense" characters. > How wide is that field? You must have been on the bitter edge of the limit. What happens if a client enters an actual surname exceeding the limit?
>I agree that ideally the input source would restrict the input. But since >that's on another team, and this workaround is likely "good enough", that's >probably unlikely to happen. > What was the workaround you chose, converting to which EBCDIC CCSID? Is there no possibility of a client's entering a character not in that CCSID? What happens if someone does? Can you fuzz test or would that intrude "on another team"? I'd expect you need to do some filtering, perhaps to preclude SQL injection downstream. But that might be achieved by encoding. (I guessed wrong: "á", not "â". Spellcheck flags both.) -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
