Python, Mysql, insert NULL
Steve Holden
steve at holdenweb.com
Thu Oct 6 03:21:15 EDT 2005
Thomas Bartkus wrote:
[...]
>
> Others here have pointed out that the Python keyword "None" is converted to
> "Null" when passed to MySQL. I don't quite understand this and don't really
> care. If I have a Python variable that has a value None, and I want to
> transmit this to MySQL as Null - I would:
>
> if somevar == None:
> StrToConcatenateIntoSqlStatement = "Null"
> else:
> StrToConcatenateIntoSqlStatement = somevar
>
> All of which assumes, of course, that the field you are targeting will
> accept a Null value.
> Thomas Bartkus
>
>
If you don't understand parameterized SQL queries you would do well to
refrain from offering database advice :-)
Presumably you always check whether StrToConcatenateIntoSqlStatement
contains no apostrophes before you actually construct the SQL?
Can we say "SQL injection exploit"?
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
More information about the Python-list
mailing list