Python, Mysql, insert NULL
steve at holdenweb.com
Thu Oct 6 09:21:15 CEST 2005
Thomas Bartkus wrote:
> Others here have pointed out that the Python keyword "None" is converted to
> "Null" when passed to MySQL. I don't quite understand this and don't really
> care. If I have a Python variable that has a value None, and I want to
> transmit this to MySQL as Null - I would:
> if somevar == None:
> StrToConcatenateIntoSqlStatement = "Null"
> StrToConcatenateIntoSqlStatement = somevar
> All of which assumes, of course, that the field you are targeting will
> accept a Null value.
> Thomas Bartkus
If you don't understand parameterized SQL queries you would do well to
refrain from offering database advice :-)
Presumably you always check whether StrToConcatenateIntoSqlStatement
contains no apostrophes before you actually construct the SQL?
Can we say "SQL injection exploit"?
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
More information about the Python-list