Tags: python, sql, django, sql-injection, python-db-api

Django/db-api broken for create database?


I was hoping to use Django / DB-API's built-in string escaping, but it looks like it doesn't work for create database commands?

from django.db import connections

# 'dbadmin' is a connection alias from settings.DATABASES
cursor = connections['dbadmin'].cursor()

# the parameter is sent as a quoted string literal ('foo'), not as an identifier
cursor.execute('create database %s', ['foo'])

Which fails with

DatabaseError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''foo'' at line 1")

Although a straight, unparameterized create database foo works fine.

That looks like a bug to me, right? drop database has a similar problem...


Solution

  • You cannot use parameters for metadata such as table or database names. This is a limitation of the underlying C library, not of DB-API.
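To make the point concrete, here is an added example that is not part of the original question or answer and is not Django's or MySQLdb's own code. `literal_param` is a constructed approximation of how a DB-API driver turns a `%s` parameter into a quoted string literal (which is why the server complained about `'foo'`), and `create_database_sql` / `drop_database_sql` show the alternative: validate the name against a strict allowlist and quote it as an identifier yourself. The regex and function names are this example's own choices.

```python
import re

# Added example (not from the original post, Django or MySQLdb). Shows why
# "create database %s" with a parameter fails and how to build the DDL with a
# validated, backtick-quoted identifier instead.

# Conservative allowlist for database/table names we are willing to put into
# DDL: a letter or underscore followed by letters, digits or underscores.
# MySQL limits identifiers to 64 characters, hence {0,63} after the first char.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def literal_param(value):
    """Approximation of what a MySQL DB-API driver does to a str parameter:
    backslash-escape quotes and wrap the result in single quotes.
    A value bound this way is a string literal, never an identifier."""
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return "'" + escaped + "'"


def is_safe_identifier(name):
    """True if the name is on the allowlist above."""
    return bool(IDENTIFIER_RE.match(name))


def quote_identifier(name):
    """Quote a MySQL identifier with backticks, doubling any embedded backtick.
    Callers should allowlist the name first; the doubling is a second layer."""
    return "`" + name.replace("`", "``") + "`"


def _identifier_or_raise(name):
    if not is_safe_identifier(name):
        raise ValueError("refusing to use %r as a database name" % (name,))
    return quote_identifier(name)


def create_database_sql(name):
    """DDL for creating a database with an allowlisted, quoted name."""
    return "CREATE DATABASE " + _identifier_or_raise(name)


def drop_database_sql(name):
    """DDL for dropping a database with an allowlisted, quoted name."""
    return "DROP DATABASE " + _identifier_or_raise(name)


def broken_create_database_sql(name):
    """Roughly what cursor.execute('create database %s', [name]) sends:
    the name arrives as a string literal and the server rejects it."""
    return "create database %s" % literal_param(name)


if __name__ == "__main__":
    print(broken_create_database_sql("foo"))  # create database 'foo'
    print(create_database_sql("foo"))         # CREATE DATABASE `foo`
    print(drop_database_sql("foo"))           # DROP DATABASE `foo`
```

With Django you would then run `cursor.execute(create_database_sql(name))` with no parameter list; because the name has already been restricted to `[A-Za-z0-9_]`, there is nothing in the statement for the driver to interpolate or for an attacker to break out of. Django also exposes the backend's identifier quoting as `connection.ops.quote_name(name)`, which for MySQL produces the same backtick form; the allowlist check is still yours to do, since quoting alone does not make an arbitrary string a name you want to create or drop.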