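"""Demonstrate SQL injection: string-formatted SQL vs. driver parameterization.

The same attacker-controlled value, ``"1 OR 1=1"``, is sent twice against the
``user`` table:

* spliced into the SQL text with ``%`` formatting, it rewrites the WHERE clause
  into a tautology and the whole table comes back ("X results");
* passed as a bound parameter to ``cursor.execute(sql, params)``, it stays a
  single value and the original run reported one row ("1 result").

The injectable query builder is kept on purpose for the demonstration; it is
isolated in ``build_query_unsafe`` so it cannot be mistaken for the pattern to
copy. Real code must use the parameterized form only.
"""

# Demo-only connection settings. Hard-coded root credentials are acceptable in
# a throwaway lab script and nowhere else; load real ones from the environment
# or a secrets store. NOTE(review): MySQL's "utf8" is the 3-byte subset —
# "utf8mb4" is the usual choice for new code, left as-is here to keep the demo
# identical to the original run.
DB_CONFIG = {
    "host": "127.0.0.1",
    "port": 3306,
    "user": "root",
    "passwd": "rootroot",
    "db": "db",
    "charset": "utf8",
}

# Classic tautology payload: a valid-looking id followed by an always-true OR.
PAYLOAD = "1 OR 1=1"

# Shared statement; "%s" is both the Python %-format spec (unsafe path) and the
# mysql.connector parameter marker (safe path), which is exactly what makes the
# two calls look so similar and so easy to confuse.
QUERY = "SELECT * FROM user WHERE id=%s"


def build_query_unsafe(user_id):
    """Return the SQL text with *user_id* spliced in by string formatting.

    INJECTABLE BY DESIGN: the value becomes part of the statement, so a
    payload such as ``"1 OR 1=1"`` changes the query's logic. Demo only.
    """
    return QUERY % (user_id,)


def build_query_safe(user_id):
    """Return ``(sql, params)`` with *user_id* left as a bound parameter.

    The driver sends the value separately (or escapes it as a literal), so the
    statement's structure cannot be altered by the input.
    """
    return QUERY, (user_id,)


def main():
    """Run both queries against the demo database and print the row counts."""
    # Local import so the pure query builders above can be imported (and
    # tested) without the MySQL driver installed.
    import mysql.connector as mdb

    con = mdb.connect(**DB_CONFIG)
    try:
        cur = con.cursor(dictionary=True)
        try:
            # Injection works: the payload is already inside the SQL text.
            cur.execute(build_query_unsafe(PAYLOAD))
            rows = cur.fetchall()
            print("%d results !" % len(rows))  # X results !

            # Injection does not work: the payload is bound as a parameter.
            sql, params = build_query_safe(PAYLOAD)
            cur.execute(sql, params)
            rows = cur.fetchall()
            print("%d result ✋" % len(rows))  # 1 result ✋
        finally:
            cur.close()
    finally:
        con.close()


if __name__ == "__main__":
    main()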