pymysql.execute传参字符串问题

问题遇到的现象和发生背景

使用pymysql.execute进行传参，传字符串进去，把引号也传进去了，结果就一直报错，想问一下各位大佬怎么解决？

问题相关代码，请勿粘贴截图

def find(self, condition=None, limit=0):
    sql_str = ''
    sql_str2 = ''
    if condition:
        number = 0
        sql_str += 'where '
        for i in condition.items():
            number += 1
            sql_str += 'and ' if number>1 else ''
            sql_str += f'{i[0]}={i[1]} '
    if limit:
        sql_str2 = f'limit {limit}'
    sql = 'select * from ip_agentpool %s order by score desc,speed asc %s;'
    format_list = [sql_str, sql_str2]
    influence_line = self.cur.execute(sql, format_list)
    if influence_line:                                 
        ip_agent_pool_tuple = self.cur.fetchall()
        ip_bivariate_table = pandas.DataFrame(ip_agent_pool_tuple,
        columns=['ip', 'port', 'protocol', 'anonymous', 'speed', 'area', 'score', 'disable_domains'])
        print('查询成功')
        print(ip_bivariate_table)
    else:
        print('')

运行结果及报错内容

pymysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''where speed=-1 ' order by score desc,speed asc 'limit 1'' at line 1")

我的解答思路和尝试过的方法

我用过字典来传参，但好像也不行

我想要达到的结果

直接凭借成sql执行，要么sql中where应该放到sql语句（包含查询的列）中，查询值放入format_list 中，而不是当做查询条件传入,limit也是,sql需要动态构造

下面是凭借成sql语句的形式

def find(self, condition=None, limit=0):
    sql_str = ''
    sql_str2 = ''
    if condition:
        number = 0
        sql_str += 'where '
        for i in condition.items():
            number += 1
            sql_str += 'and ' if number>1 else ''
            sql_str += f'{i[0]}={i[1]} '
    if limit:
        sql_str2 = f'limit {limit}'
    sql = f'select * from ip_agentpool {sql_str} order by score desc,speed asc {sql_str2};'###########
    influence_line = self.cur.execute(sql)
    if influence_line:                                 
        ip_agent_pool_tuple = self.cur.fetchall()
        ip_bivariate_table = pandas.DataFrame(ip_agent_pool_tuple,
        columns=['ip', 'port', 'protocol', 'anonymous', 'speed', 'area', 'score', 'disable_domains'])
        print('查询成功')
        print(ip_bivariate_table)
    else:
        print('')

参数化，sql需要拼接字段和参数%s，format_list 也需要的动态append参数值

def find(self, condition=None, limit=0):
    sql = 'select * from ip_agentpool'
    format_list=[]
    if condition:
        number = 0
        sql += ' where '
        for i in condition.items():
            number += 1
            sql += 'and ' if number>1 else ''
            sql += f'{i[0]}=%s '
            format_list.append(i[1])###

    sql+=" order by score desc,speed asc "

    if limit:
        sql+=" limit %s";
        format_list.append(limit)###

    influence_line = self.cur.execute(sql, format_list)
    if influence_line:                                 
        ip_agent_pool_tuple = self.cur.fetchall()
        ip_bivariate_table = pandas.DataFrame(ip_agent_pool_tuple,
        columns=['ip', 'port', 'protocol', 'anonymous', 'speed', 'area', 'score', 'disable_domains'])
        print('查询成功')
        print(ip_bivariate_table)
    else:
        print('')