paramstyle
Parameter placeholders can onlybe used to insert column values. They can notbe used for other parts of SQL, such as table names, statements, etc.

paramstyle
参数占位符只能用于插入列值。它们不能用于 SQL 的其他部分，例如表名、语句等。

%s placeholders inside query string are reserved for parameters. %s in 'order by %s %s' are not parameters. You should make query string in 2 steps:

查询字符串中的 %s 占位符是为参数保留的。'order by %s %s' 中的 %s 不是参数。您应该分两步制作查询字符串：

query = """SELECT * FROM sometable order by %s %s limit %%s, %%s;"""
query = query % ('somecol', 'DESC')
conn = app_globals.pool.connection()
cur = conn.cursor()
cur.execute(query, (limit1, limit2) ) 
results = cur.fetchall()

DO NOT FORGET to filter first substitution to prevent SQL-injection possibilities

不要忘记过滤第一次替换以防止 SQL 注入的可能性

Not all parts of an SQL query can be parametrized. The DESC keyword for example is not a parameter. Try

并非 SQL 查询的所有部分都可以参数化。例如，DESC 关键字不是参数。尝试

query = """SELECT * FROM sometable 
                    order by %s """ + sortorder + """
                    limit %s, %s"""

cur.execute(query, (sortname, limit1, limit2) ) 

You could try this alternatively...

你也可以试试这个……

query = """SELECT * FROM sometable 
                    order by {0} {1} 
                    limit {2}, {3};"""

sortname = 'somecol'
sortorder = 'DESC'
limit1 = 'limit1'
limit2 = 'limit2'

print(query.format(sortname, sortorder, limit1, limit2))