cursor.execute("INSERT INTO User(user_id,username,user) VALUES (%s,%s,%s)", (a,b,c))
(Notice the values (a,b,c)
are passed to the function execute
as a second argument, not as part of the first argument through string interpolation). MySQLdb will properly quote the arguments for you.
PS. As Vajk Hermecz notes, the problem occurs because the string 'Ellie'
is not being properly quoted.
When you do the string interpolation with "(%s,)" % (a,)
you get
(Ellie,)
whereas what you really want is ('Ellie',)
. But don't bother doing the quoting yourself. It is safer and easier to use parametrized SQL.