Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #53253

Re: Rép : Why is str(None) == 'None' and not an empty string?

Newsgroups comp.lang.python
Date 2013-08-29 13:09 -0700
References <mailman.2220.1377689401.19983.python-list@python.org> <2C98ABD0-859D-4991-8DE3-CF68A24F136B@gmail.com> <mailman.360.1377775316.19984.python-list@python.org>
Message-ID <f2f0407f-9203-41f7-bbb0-6de75474a655@googlegroups.com> (permalink)
Subject Re: Rép : Why is str(None) == 'None' and not an empty string?
From fp2161@gmail.com

Show all headers | View raw

On Thursday, August 29, 2013 12:55:36 PM UTC+2, Ian wrote:
> On Wed, Aug 28, 2013 at 5:42 AM, Fabrice POMBET <fp2161@gmail.com> wrote:
> 
> >
> 
> > On 8/28/2013 4:57 AM, Piotr Dobrogost wrote:
> 
> >
> 
> >> Having repr(None) == 'None' is sure the right thing but why does str(None) == 'None'? Wouldn't it be more correct if it was an empty string?
> 
> >
> 
> > the point of str(obj) is to return a string containing the obj (a sequence of characters if it is unbound or not built-in, etc.)...
> 
> >
> 
> > If you set the rule str(None)=="", then you will cause plenty of problems.
> 
> >
> 
> > For instance, if you want to build a string like request="SELECT X"+"IN Y"+"WHERE B="+String(B)
> 
> > to prepare a sequel request, and the field B happens to be sometimes "None", you would automatically end up with """SELECT X IN Y WHERE B=''""" instead of """SELECT X IN Y WHERE B='None'""",
> 
> > and your sql request will fall into limbos...
> 
> 
> 
> The proper way to pass values into a SQL query is by using bind
> 
> parameters. Inserting them into the query string by concatenation is
> 
> error-prone and an excellent way to write code that is vulnerable to
> 
> SQL injection attacks.
> 
> 
> 
> The DB API guarantees that the object None will map to the database
> 
> value NULL when passed directly as a parameter.  The value returned by
> 
>  str(None) is irrelevant in this context.

I could not agree more with you. The purpose of my post, however, was only to give a simple illustration of how such a generic change would make everything awkward, not to give any proper, precise or general directions on how to code a safe SQL request for a DB when you are online. Thank you however for your corrections.

Back to comp.lang.python | Previous | NextPrevious in thread | Find similar | Unroll thread

Thread

Re: Rép : Why is str(None) == 'None' and not an empty string? Ian Kelly <ian.g.kelly@gmail.com> - 2013-08-29 04:55 -0600
  Re: Rép : Why is str(None) == 'None' and not an empty string? fp2161@gmail.com - 2013-08-29 13:09 -0700

csiph-web