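connection.cursor only returns rows as tuples, and worse, its parameterized queries are a real pain.
For things like dynamic table names, column names, or sort keywords, parameterized queries cannot be used; the SQL string has to be assembled by hand.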
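# sort and order are spliced into the SQL text itself, so check them against a
# fixed set of allowed column names and ASC/DESC before building this string.
sql = '''SELECT t1.id,t1.serial_number,t1.position,t1.system_os,t1.pc_score,t1.pc_cpu,t1.pc_memory,t1.use_time,t2.name AS person_name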
FROM app_HardwareInfo AS t1
LEFT JOIN app_PersonInfo AS t2 ON t1.person_id=t2.id
ORDER BY t1.%s %s''' % (sort, order)
cursor.execute(sql)
Parameterization can only be used for values:
id1 = 1
id2 = 2
sql = '''SELECT t1.id,t1.serial_number,t1.position,t1.system_os,t1.pc_score,t1.pc_cpu,t1.pc_memory,t1.use_time,t2.name AS person_name
FROM app_HardwareInfo AS t1
LEFT JOIN app_PersonInfo AS t2 ON t1.person_id=t2.id
WHERE t1.id=%s AND t2.name=%s'''
cursor.execute(sql, [id1, id2])
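The two points above (tuple-only rows, and sort keys that cannot be bound as parameters) combined in one added example, which is not code from the original post. It uses an in-memory sqlite3 database as a stand-in for Django's connection.cursor(), so the value placeholder is `?` where Django's cursor uses `%s`; the function names, the trimmed column list and the sample rows are constructed for illustration.

```python
import sqlite3

# Allowlist: request value -> SQL text. Only these strings can ever reach the query.
SORT_COLUMNS = {"id": "t1.id", "pc_score": "t1.pc_score", "use_time": "t1.use_time"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def build_query(sort, order):
    """Return the SELECT with a validated ORDER BY; raise ValueError otherwise."""
    try:
        column = SORT_COLUMNS[sort]
        direction = SORT_ORDERS[order.lower()]
    except (KeyError, AttributeError):
        raise ValueError("unsupported sort/order: %r %r" % (sort, order)) from None
    return ("SELECT t1.id, t1.pc_score, t1.use_time, t2.name AS person_name "
            "FROM app_HardwareInfo AS t1 "
            "LEFT JOIN app_PersonInfo AS t2 ON t1.person_id = t2.id "
            "WHERE t1.pc_score >= ? "  # a value, so it stays a bound parameter
            "ORDER BY %s %s" % (column, direction))


def dictfetchall(cursor):
    """Turn the cursor's tuple rows into dicts keyed by column name."""
    names = [col[0] for col in cursor.description]
    return [dict(zip(names, row)) for row in cursor.fetchall()]


def make_demo_db():
    """Constructed sample data, in memory only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE app_PersonInfo (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE app_HardwareInfo (id INTEGER PRIMARY KEY, pc_score INTEGER,
                                       use_time INTEGER, person_id INTEGER);
        INSERT INTO app_PersonInfo VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO app_HardwareInfo VALUES (1, 70, 5, 1), (2, 90, 2, 2), (3, 40, 9, NULL);
    """)
    return conn


def list_hardware(conn, sort, order, min_score=0):
    """Run the query: identifiers come from the allowlist, the value is bound."""
    cursor = conn.cursor()
    cursor.execute(build_query(sort, order), [min_score])
    return dictfetchall(cursor)


if __name__ == "__main__":
    print(list_hardware(make_demo_db(), "pc_score", "desc", 50))
```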