diff -r cb632988bc09 Lib/sqlite3/test/regression.py
--- a/Lib/sqlite3/test/regression.py	Tue Apr 08 09:14:21 2014 +0200
+++ b/Lib/sqlite3/test/regression.py	Wed Apr 09 02:23:30 2014 +0200
@@ -336,6 +336,13 @@ class RegressionTests(unittest.TestCase)
                           sqlite.connect, ":memory:", isolation_level=123)
 
 
+    def CheckNullCharacter(self):
+        # Issue #21147
+        cursor = sqlite.connect(":memory:")
+        self.assertRaises(ValueError, cursor.execute, "\0select 1")
+        self.assertRaises(ValueError, cursor.execute, "select 1\0")
+
+
 def suite():
     regression_suite = unittest.makeSuite(RegressionTests, "Check")
     return unittest.TestSuite((regression_suite,))
diff -r cb632988bc09 Modules/_sqlite/cursor.c
--- a/Modules/_sqlite/cursor.c	Tue Apr 08 09:14:21 2014 +0200
+++ b/Modules/_sqlite/cursor.c	Wed Apr 09 02:23:30 2014 +0200
@@ -511,6 +511,11 @@ PyObject* _pysqlite_query_execute(pysqli
         pysqlite_statement_reset(self->statement);
     }
 
+    if (PyUnicode_FindChar(operation, '\0', 0, operation_len, 1) != -1) {
+        PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+        goto error;
+    }
+
     operation_cstr = _PyUnicode_AsStringAndSize(operation, &operation_len);
     if (operation_cstr == NULL)
         goto error;