Not sure but I'm thinking you at least need to add single quotes around the %s symbols. That doesn't really explain the integer input error though I'm not familiar with the exact features of the execute method in Python.
Yeah, upon further reflection overnight I figured it must incorporate sql-injection prevention. The use of "%s", which is typically a printf construct and printf doesn't do that kind of thing, threw me.