Passing Parameters to SQL Queries

SQLite supports two kinds of placeholders: question marks (qmark style) and named placeholders (named style). PostgreSQL/MySQL/MariaDB support simple (%s) and named (%(name)s) pyformat placeholders:

-- SQLite qmark
SELECT name, email FROM users WHERE id = ?
-- named
SELECT name, email FROM users WHERE id = :id

-- PostgreSQL/MySQL/MariaDB pyformat
SELECT name, email FROM users WHERE id = %s
-- named
SELECT name, email FROM users WHERE id = %(id)s

# simple style (? or %s)
cur.users.by_id(1)
db.users.by_id(cur, 1)

# named style (:name or %(name)s)
cur.users.by_id(id=1)
db.users.by_id(cur, id=1)