The use of data parameter substitution with MySQL Connector is well documented:
To create a new row in a table by passing in multiple data parameters the syntax might be:
cur.execute('INSERT INTO table1 (name, address, phone, postcode) values (%s, %s, %s, %s)', ('John', '1 Front Street', '416-111-1234', 'N4R2E5')) db.commit()
Where the %s are placeholders for the data values being passed in the following list.
Continue reading Using Parameter Substitution for Column Names with Python MySQL Connector