Python, Mysql, insert NULL

Steve Holden steve at
Thu Oct 6 09:21:15 CEST 2005

Thomas Bartkus wrote:
> Others here have pointed out that the Python keyword "None" is converted to
> "Null" when passed to MySQL. I don't quite understand this and don't really
> care.  If I have a Python variable that has a value None, and I want to
> transmit this to MySQL as Null - I would:
>    if somevar == None:
>        StrToConcatenateIntoSqlStatement = "Null"
>    else:
>        StrToConcatenateIntoSqlStatement = somevar
> All of which assumes, of course, that the field you are targeting will
> accept a Null value.
> Thomas Bartkus
If you don't understand parameterized SQL queries you would do well to 
refrain from offering database advice :-)

Presumably you always check whether StrToConcatenateIntoSqlStatement 
contains no apostrophes before you actually construct the SQL?

Can we say "SQL injection exploit"?

Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC           
PyCon TX 2006        

More information about the Python-list mailing list