Traceback (most recent call last):
  File "test.py", line 190, in <module>
    cursor.execute(sql)
sqlite3.OperationalError: near "s": syntax error

Suppose name contains a single quote followed by a t, as in
name = "don't look now"
sql = "update foo set is_processed=1 where bar='
 
"+name+"'"
Then sql would equal
In [156]: sql
Out[156]: "update foo set is_processed=1 where bar='don't look now'"
and sqlite3 will think the conditional is where bar='don' followed by a syntax error, t look now'. sqlite3 then raises
sqlite3.OperationalError: near "t": syntax error
This is an example of why you should always use parametrized SQL. To avoid this
 
 problem (and protect your code from SQL injection attacks), use parametrized SQL and pass a sequence (or, depending on the paramstyle, a mapping) of values as the second argument to cursor.execute:
sql = "update foo set is_processed=1 where bar=?"
cursor.execute(sql, [name])
When you pass arguments (such 
 
as [name]) as the second argument to cursor.execute, sqlite3 will escape the single-quote for you.