Question

What is the correct syntax to use parameters passed through bottle routes in a SQL statement? (tons of code omitted for clarity here, everything works except this)

    from bottle import route
    import MySQLdb

    @route('/sqldynamic/<foo>/<bar>')
    def sqlDyanmic(foo, bar):
        db = MySQLdb.connect("127.0.0.1", "username", "password", "database")
        cursor = db.cursor()
        # foo and bar are never substituted here: they are literal text inside the query string
        cursor.execute("SELECT this, that WHERE this > foo AND that like '%bar%';")
        data = cursor.fetchall()
        return str(data)

Solution

Since you're using MySQL:

    # The driver fills the %s placeholders; the LIKE wildcards belong in the bound value, not in the SQL text
    cursor.execute("SELECT this, that WHERE this > %s AND that like %s;", (foo, "%" + bar + "%"))

(This is irrespective of Bottle.)

(Also, if you care about SQL injection then you should add some validation.)
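The following is an added example, not code from the question or the answer. It uses the standard-library sqlite3 module in place of MySQLdb so it runs offline (sqlite3 uses "?" placeholders where MySQLdb uses "%s"; the principle is identical), builds a small constructed table shaped like the question's query, and runs the string-spliced form next to the parameterized form so the difference is visible on input containing a quote character. The table name `items` and the sample rows are assumptions.

```python
import sqlite3

# Added example: sqlite3 (stdlib) stands in for MySQLdb so this runs offline.
# sqlite3 uses "?" placeholders where MySQLdb uses "%s"; the principle is the same.


def make_db():
    """Build a constructed in-memory table shaped like the question's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (this INTEGER, that TEXT)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [(1, "apple"), (5, "banana"), (10, "cherry")],
    )
    return db


def query_unsafe(db, foo, bar):
    """Vulnerable form: route parameters spliced into the SQL text.

    A quote character in `bar` terminates the string literal and the rest of
    the input is parsed as SQL. Shown only for comparison; do not use it.
    """
    sql = "SELECT this, that FROM items WHERE this > %s AND that LIKE '%%%s%%';" % (foo, bar)
    return db.execute(sql).fetchall()


def query_safe(db, foo, bar):
    """Parameterized form: the driver binds values, so input is data, not SQL.

    The LIKE wildcards must be part of the bound value; writing '%?%' around
    the placeholder inside the SQL string would not work.
    """
    sql = "SELECT this, that FROM items WHERE this > ? AND that LIKE ?;"
    return db.execute(sql, (foo, "%" + bar + "%")).fetchall()


def compare(db, foo, bar):
    """Run both forms and return (safe_rows, unsafe_outcome).

    unsafe_outcome is the row list when the spliced query parses, or an
    error string when the input broke the SQL.
    """
    safe_rows = query_safe(db, foo, bar)
    try:
        unsafe_outcome = query_unsafe(db, foo, bar)
    except sqlite3.OperationalError as exc:
        unsafe_outcome = "SQL error: %s" % exc
    return safe_rows, unsafe_outcome


if __name__ == "__main__":
    db = make_db()
    # Route parameters arrive as strings, exactly as Bottle would pass them.
    print(compare(db, "3", "an"))        # both forms agree on well-formed input
    print(compare(db, "3", "O'Reilly"))  # the spliced form breaks on a quote
```

One caveat that binding does not remove: `%` and `_` inside the user's value are still LIKE wildcards even when bound as a parameter, so escape them (and add an `ESCAPE` clause) if the intent is a literal substring match.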

Licensed under: CC-BY-SA with attribution