SQL prefix for string literal

Now I was a bit lazy and did this update of my database:
cur.execute(f"UPDATE `account` SET `amount` = {amount} WHERE `account`.`id` = {id};")

That is of course a no-go, as this allows for SQL injection. It should be like this:

query = "UPDATE `account` SET `amount` = %s WHERE `account`.`id` = %s;"
data = ( amount, id )
update = ( query, data )
cur.execute(query, data )

Then I thought, is there a SQL prefix?

cur.execute(q"UPDATE `account` SET `amount` = {amount} WHERE `account`.`id` = {id};")

The q prefix would then return a list with a query and the data array (which execute should be modified to accept):

query = "UPDATE `account` SET `amount` = %s WHERE `account`.`id` = %s;"
data = ( amount, id )
return ( query, data )

This would make it easier to apply security from the start, and of course not conflict readability with security.

See PEP 501 which specifically mentions SQL as a use case. It’s currently deferred, but there’s extensive discussion on the python-ideas mailing list from some time back (probably 5 or 6 years ago) that you might find interesting or relevant.
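The (query, data) split described in the original post can be approximated today with an ordinary function. This is an added example, not code from the thread or from PEP 501: the helper name `q`, the `placeholder` parameter, the in-memory SQLite table and the hostile `id` value are all assumptions constructed for illustration.

```python
import sqlite3
from string import Formatter


def q(template, values, placeholder="%s"):
    """Hypothetical helper: turn a str.format-style template into
    (query, data) so values are bound by the driver, never spliced in."""
    parts, data = [], []
    for literal, field, spec, conv in Formatter().parse(template):
        # With the "%s" paramstyle a literal % must be doubled for the driver.
        parts.append(literal.replace("%", "%%") if placeholder == "%s" else literal)
        if field is None:          # trailing literal text, no field follows
            continue
        # Only plain names are allowed: no {a.b}, {a[0]}, {} , {x!r} or {x:>5}.
        if not field.isidentifier() or spec or conv:
            raise ValueError(f"unsupported placeholder: {field!r}")
        parts.append(placeholder)
        data.append(values[field])
    return "".join(parts), tuple(data)


TEMPLATE = "UPDATE `account` SET `amount` = {amount} WHERE `account`.`id` = {id};"


def demo():
    """Run the template against a constructed table with a hostile id value."""
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.execute("CREATE TABLE account (id INTEGER, amount INTEGER)")
    cur.executemany("INSERT INTO account VALUES (?, ?)", [(1, 100), (2, 200)])

    amount = 50
    id = "1 OR 1=1"  # constructed untrusted input
    # sqlite3 uses the "qmark" paramstyle, so the placeholder is "?" here.
    query, data = q(TEMPLATE, {"amount": amount, "id": id}, placeholder="?")
    cur.execute(query, data)  # id is compared as one text value, not parsed as SQL
    rows = cur.execute("SELECT id, amount FROM account ORDER BY id").fetchall()
    con.close()
    return query, data, rows


if __name__ == "__main__":
    print(demo())
```

Unlike the proposed prefix, the function cannot see the caller's local variables, so the values are passed explicitly as a mapping.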