问号(?)占位符的参数化写法(预处理语句)

# "?" placeholders: the SQL text and the values are handed to execute() as two
# separate arguments, so the values are never concatenated into the statement.
# Assumes `cursor` comes from a driver that uses the qmark style - TODO confirm.
sql = "SELECT * FROM users WHERE age > ?"
params = (30,)  # the trailing comma makes this a one-element tuple
cursor.execute(sql, params)

# Several placeholders are filled positionally, left to right.
sql = "UPDATE users SET age = ? WHERE name = ?"
params = (26, 'Alice')  # order matches the "?" markers: age first, then name
cursor.execute(sql, params)


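 # Batch insert with "?" placeholders.
 # executemany() takes a sequence of parameter sets, one per row (DB-API,
 # PEP 249). The flat tuple ('Bob', 30) would be read as two separate rows,
 # 'Bob' and 30, instead of one (name, age) pair, so it is wrapped in a list.
 sql = "INSERT INTO users (name, age) VALUES (?, ?)"
 rows = [('Bob', 30)]  # add further (name, age) tuples to insert more rows
 cursor.executemany(sql, rows)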

%s 占位符写法(由驱动绑定参数,不是 Python 的 % 字符串格式化)

# Recommended style.
# The %s markers are placeholders filled in by the driver, not Python's "%"
# string-formatting operator: the values go in as the second argument to
# execute() and are never formatted into the SQL text by this code.
# NOTE(review): `table`, value1 and value2 look like stand-ins for real
# names - confirm before reuse (TABLE is a reserved word in SQL).
insert_sql = "INSERT INTO table VALUES (%s, %s)"
insert_params = (value1, value2)
cursor.execute(insert_sql, insert_params)

高级写法:命名占位符 %(name)s,参数以字典传入

# Named placeholders: each %(key)s marker is matched to a dictionary key, so
# the values are bound by name rather than by position.
# Assumes the driver behind `cursor` supports this named style - TODO confirm.
sql = "SELECT * FROM users WHERE name = %(name)s AND age > %(age)s"
named_params = {'name': 'Alice', 'age': 20}
cursor.execute(sql, named_params)