fix use of parameters arg in Cursor.execute

There is still a problem - we don't sanitize these inputs even though users would assume that we do

Author: james-willis

wherobots/db/cursor.py

@@ -80,9 +80,7 @@ def execute(self, operation: str, parameters: Dict[str, Any] = None) -> None:
         self.__rowcount = -1
         self.__description = None
 
-        sql = (
-            operation.replace("{", "{{").replace("}", "}}").format(**(parameters or {}))
-        )
+        sql = operation.format(**(parameters or {}))
         self.__current_execution_id = self.__exec_fn(sql, self.__on_execution_result)
 
     def executemany(