Re: Rép : Why is str(None) == 'None' and not an empty string?
Ian Kelly
ian.g.kelly at gmail.com
Thu Aug 29 06:55:36 EDT 2013
On Wed, Aug 28, 2013 at 5:42 AM, Fabrice POMBET <fp2161 at gmail.com> wrote:
>
> On 8/28/2013 4:57 AM, Piotr Dobrogost wrote:
>
>> Having repr(None) == 'None' is sure the right thing but why does str(None) == 'None'? Wouldn't it be more correct if it was an empty string?
>
> the point of str(obj) is to return a string containing the obj (a sequence of characters if it is unbound or not built-in, etc.)...
>
> If you set the rule str(None)=="", then you will cause plenty of problems.
>
> For instance, if you want to build a string like request="SELECT X"+"IN Y"+"WHERE B="+String(B)
> to prepare a sequel request, and the field B happens to be sometimes "None", you would automatically end up with """SELECT X IN Y WHERE B=''""" instead of """SELECT X IN Y WHERE B='None'""",
> and your sql request will fall into limbos...
The proper way to pass values into a SQL query is by using bind
parameters. Inserting them into the query string by concatenation is
error-prone and an excellent way to write code that is vulnerable to
SQL injection attacks.
The DB API guarantees that the object None will map to the database
value NULL when passed directly as a parameter. The value returned by
str(None) is irrelevant in this context.
More information about the Python-list
mailing list