"Steve Holden" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > If you don't understand parameterized SQL queries you would do well to > refrain from offering database advice :-)
Did the poster ask a question about parameterized queries or server security? > Presumably you always check whether StrToConcatenateIntoSqlStatement > contains no apostrophes before you actually construct the SQL? > > Can we say "SQL injection exploit"? Not every query passes along public internet wires and all the guy asked for was how to insert a Null. But - I really do appreciate your concern :-) Thomas Bartkus -- http://mail.python.org/mailman/listinfo/python-list
