/gist:7997605274392aa54020 Secret

## gistfile1.py
In [8]: q = 'select * from user where id=%s'

In [9]: a = '1 union select * from user'

In [10]: sql = q % tuple([conn.literal(a)])

In [11]: sql
Out[11]: "select * from user where id='1 union select * from user'"
	In [8]: q = 'select * from user where id=%s'

	In [9]: a = '1 union select * from user'

	In [10]: sql = q % tuple([conn.literal(a)])

	In [11]: sql
	Out[11]: "select * from user where id='1 union select * from user'"