Python String Formats with SQL Wildcards and LIKE

Question

I\'m having a hard time getting some sql in python to correctly go through MySQLdb. It\'s pythons string formatting that is killing me.

My sql statement is using the

Answer 1

To escape ampersands in Python string formatting expressions, double the ampersand:

'%%%s%%' % search_string

Edit: But I definitely agree with another answer. Direct string substitution in SQL queries is almost always a bad idea.