
What does ? mean in the Python pyodbc module

import pyodbc
cursor.execute("INSERT INTO Testing_Param(Seed_Number,Cycle_Name) VALUES (?,?)",('0','CoupleIn'))

What does the "?" mean in the code? When I try to replace the ? with %s for "CoupleIn", which is the string, and with %d for the "0", why does this error message appear:

pyodbc.ProgrammingError: ('The SQL contains 0 parameter markers, but 2 parameters were supplied', 'HY000')

I am new to using the pyodbc module to transfer data from Python into Microsoft SQL Server.

Dsw Wds asked Jan 02 '26 03:01


1 Answer

? is the placeholder for the substitution engine. The cursor.execute function is responsible for properly escaping the values in the tuple and inserting them into the query where the respective question marks are to form a valid query. This keeps you safe from SQL injection attacks where normal string interpolation would leave your database vulnerable to attackers.

You can read more about the standard Python database APIs in PEP-0249. Specifically, your database wrapper is using the qmark paramstyle.

mgilson answered Jan 03 '26 15:01
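The difference between ? markers, %s with a parameter tuple, and plain string interpolation, as an added example that is not part of the original question or answer. It assumes the standard-library sqlite3 module as a stand-in for pyodbc (both use the qmark paramstyle) so it runs without a SQL Server; the helper names and the sample value are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for pyodbc so this runs without a SQL Server.
# Both modules declare the PEP 249 "qmark" paramstyle.
PARAMSTYLE = sqlite3.paramstyle

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Testing_Param (Seed_Number TEXT, Cycle_Name TEXT)")
    return conn

def insert_with_markers(conn, seed, cycle):
    # The values travel separately from the SQL text and are bound to the ? markers.
    conn.execute(
        "INSERT INTO Testing_Param (Seed_Number, Cycle_Name) VALUES (?, ?)",
        (seed, cycle),
    )

def insert_with_percent_s(conn, seed, cycle):
    # %s is not a marker under qmark style, so the statement is rejected
    # (pyodbc reports it as 0 parameter markers vs 2 parameters supplied).
    try:
        conn.execute(
            "INSERT INTO Testing_Param (Seed_Number, Cycle_Name) VALUES (%s, %s)",
            (seed, cycle),
        )
    except sqlite3.Error as exc:
        return type(exc).__name__
    return None

def insert_with_interpolation(conn, seed, cycle):
    # Anti-pattern: the values are pasted into the SQL text, so quote
    # characters inside them are parsed as SQL syntax.
    conn.execute(
        "INSERT INTO Testing_Param (Seed_Number, Cycle_Name) "
        "VALUES ('%s', '%s')" % (seed, cycle)
    )

def rows(conn):
    return conn.execute("SELECT Seed_Number, Cycle_Name FROM Testing_Param").fetchall()

def demo():
    value = "x'), ('9', 'extra"  # constructed sample value containing quotes
    bound, pasted = make_db(), make_db()
    insert_with_markers(bound, "0", value)
    insert_with_interpolation(pasted, "0", value)
    return rows(bound), rows(pasted)

if __name__ == "__main__":
    print(demo(), insert_with_percent_s(make_db(), "0", "CoupleIn"))
```

With markers the value is stored as one literal string; with interpolation the same value is parsed as part of the statement and produces a second row.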


