Thomas Bartkus wrote:
[...]
> 
> Others here have pointed out that the Python keyword "None" is converted to
> "Null" when passed to MySQL. I don't quite understand this and don't really
> care.  If I have a Python variable that has a value None, and I want to
> transmit this to MySQL as Null - I would:
> 
>    if somevar is None:
>        StrToConcatenateIntoSqlStatement = "Null"
>    else:
>        StrToConcatenateIntoSqlStatement = somevar
> 
> All of which assumes, of course, that the field you are targeting will
> accept a Null value.
> Thomas Bartkus
> 
> 
If you don't understand parameterized SQL queries you would do well to 
refrain from offering database advice :-)

Presumably you always check whether StrToConcatenateIntoSqlStatement 
contains no apostrophes before you actually construct the SQL?

Can we say "SQL injection exploit"?

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC                     www.holdenweb.com
PyCon TX 2006                  www.python.org/pycon/

-- 
http://mail.python.org/mailman/listinfo/python-list
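
The point of the reply above, as an added example that is not part of the original thread: the concatenation approach from the quoted post next to a parameterized query, run over the same values. It uses the standard-library sqlite3 module so it runs offline (an assumption; the thread concerns MySQL, where MySQLdb takes `%s` placeholders instead of `?`), and the table and function names are hypothetical.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, role TEXT)")
    return db

def insert_concatenated(db, name):
    # The approach from the quoted post: build the literal and splice it in.
    literal = "Null" if name is None else "'" + name + "'"
    db.execute("INSERT INTO people (name, role) VALUES (" + literal + ", 'user')")

def insert_parameterized(db, name):
    # The driver binds the value: None is sent as NULL, apostrophes stay data.
    db.execute("INSERT INTO people (name, role) VALUES (?, 'user')", (name,))

def run(insert, samples):
    db, failed = make_db(), []
    for value in samples:
        try:
            insert(db, value)
        except sqlite3.Error:
            failed.append(value)  # statement no longer parsed as intended
    stored = db.execute("SELECT name, role FROM people ORDER BY rowid").fetchall()
    return stored, failed

# Constructed sample values: a missing value, an ordinary surname, and a
# string whose apostrophe closes the literal early.
SAMPLES = [None, "O'Brien", "x', 'admin') --"]

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_parameterized):
        stored, failed = run(fn, SAMPLES)
        print(fn.__name__, "stored:", stored, "failed:", failed)
```

With concatenation the surname is rejected as a syntax error and the third value is stored with a role the statement never intended; with the placeholder all three values are stored as given, with `None` arriving as NULL.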
