Python, Mysql, insert NULL

Steve Holden steve at holdenweb.com
Thu Oct 6 09:21:15 CEST 2005


Thomas Bartkus wrote:
[...]
> 
> Others here have pointed out that the Python keyword "None" is converted to
> "Null" when passed to MySQL. I don't quite understand this and don't really
> care.  If I have a Python variable that has a value None, and I want to
> transmit this to MySQL as Null - I would:
> 
>    if somevar == None:
>        StrToConcatenateIntoSqlStatement = "Null"
>    else:
>        StrToConcatenateIntoSqlStatement = somevar
> 
> All of which assumes, of course, that the field you are targeting will
> accept a Null value.
> Thomas Bartkus
> 
> 
If you don't understand parameterized SQL queries you would do well to 
refrain from offering database advice :-)

Presumably you always check whether StrToConcatenateIntoSqlStatement 
contains no apostrophes before you actually construct the SQL?

Can we say "SQL injection exploit"?

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC                     www.holdenweb.com
PyCon TX 2006                  www.python.org/pycon/




More information about the Python-list mailing list