Quoting sql queries with the DB-API

[snacktime]

I'm used to using the perl DBI and not very familiar with the python
DB-API.  I am using PyGreSQL.  My question is what is the standard way
to quote strings in sql queries?  I didn't see any quoting functions
in the DB-API docs.  Is quoting handled internally by the PyGreSQL
module?

Also, is this a good way to use variables in an insert/update
statement, or is there a better way?

sql = "insert into test(a,b) values('%s','%s')" % (a,b)
cursor.execute(sql)


Chris