Question
What is the correct syntax to use parameters passed through bottle routes in a SQL statement? (tons of code omitted for clarity here, everything works except this)
@route('/sqldynamic/<foo>/<bar>')
def sqlDyanmic(foo, bar):
    db = MySQLdb.connect("127.0.0.1","username","password","database" )
    cursor = db.cursor()
    cursor.execute("SELECT this, that WHERE this > foo AND that like '%bar%';")
    data = cursor.fetchall()
    return str(data)
Solution
Since you're using MySQL:
cursor.execute("SELECT this, that WHERE this > %s AND that like %s;", (foo, bar))
(This is irrespective of Bottle.)
(Also, if you care about SQL injection then you should add some validation.)
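The following is an added example, not code from the original question or answer: it keeps the SQL text constant, binds both route values through MySQLdb's `%s` placeholders, and wraps `bar` in `%` wildcards to match the question's `'%bar%'` pattern. The names `build_query`, `like_contains`, `fetch`, the table `some_table` and the 64-character limit are assumptions made for illustration.

```python
import re

# Table name is a placeholder: the query on the page omits its FROM clause.
QUERY = ("SELECT this, that FROM some_table "
         "WHERE this > %s AND that LIKE %s")


def like_contains(term):
    """Return a LIKE pattern that matches `term` literally, anywhere.

    Backslash is MySQL's default LIKE escape character (unless the
    NO_BACKSLASH_ESCAPES SQL mode is enabled), so backslash, % and _
    in user input are escaped to stop them acting as wildcards.
    """
    escaped = re.sub(r"([\\%_])", r"\\\1", term)
    return "%" + escaped + "%"


def build_query(foo, bar, max_len=64):
    """Validate the two route values and return (sql, params)."""
    try:
        threshold = int(foo)      # Bottle hands route wildcards over as str
    except (TypeError, ValueError):
        raise ValueError("foo must be an integer") from None
    if not isinstance(bar, str) or not 0 < len(bar) <= max_len:
        raise ValueError("bar must be 1-%d characters" % max_len)
    # The SQL text is constant; user input travels only in the params tuple.
    return QUERY, (threshold, like_contains(bar))


def fetch(cursor, foo, bar):
    """Run the query on a DB-API cursor such as MySQLdb's."""
    sql, params = build_query(foo, bar)
    cursor.execute(sql, params)   # the driver escapes and quotes each value
    return cursor.fetchall()


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_query("10", "O'Reilly"))
    print(build_query("10", "50%_off"))
```

Inside the route, `fetch(db.cursor(), foo, bar)` replaces the string-built `cursor.execute(...)` call; a `ValueError` can be turned into an HTTP 400 response.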