2 very common problems are here.
The first is that your code is vulnerable to SQL Injection. You should NEVER EVER create an SQL query by piecing command strings and user data together. If you slip in a few special characters you can easily open up the entire db for all to view or delete.
As I am not fluent in Python I cannot tell you the best way to rewrite this; however this appears to be a very good sample to follow:
OpenStack Docs: Parameterize Database Queries
The second is DateTime. Most programming languages and databases actually store and work with DateTime objects as a number; and the only time there is a format to it is when it is converted to text for humans to read.
As previously stated, I am not fluent in Python. And you have not mentioned what type of DB you are working with. But I can tell you generally that your DB should have the appropriate data-type for your date, and when your program uses a parameterized query with the correct data-type and the database is of the same data-type, the database driver will take care of it 99.999% of the time.
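
An added example, not part of the original answer: the string-built query next to its parameterized form, with a `datetime` object passed as a bound value instead of formatted text. It assumes Python's built-in `sqlite3` module as a stand-in for the unnamed database; the `visits` table, its columns and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime

# Assumption: sqlite3 stands in for the unnamed database. SQLite has no native
# date type, so the datetime <-> column mapping is registered explicitly; most
# other drivers do this mapping themselves.
sqlite3.register_adapter(datetime, lambda d: d.isoformat(" "))
sqlite3.register_converter("timestamp", lambda b: datetime.fromisoformat(b.decode()))


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:", detect_types=sqlite3.PARSE_DECLTYPES)
    conn.execute("CREATE TABLE visits (name TEXT, seen_at timestamp)")
    conn.executemany(
        "INSERT INTO visits (name, seen_at) VALUES (?, ?)",
        [
            ("alice", datetime(2024, 1, 5, 9, 30)),
            ("bob", datetime(2024, 2, 1, 14, 0)),
            ("carol", datetime(2024, 3, 10, 8, 15)),
        ],
    )
    return conn


def find_unsafe(conn, name):
    # Vulnerable pattern: user data becomes part of the SQL text.
    sql = "SELECT name, seen_at FROM visits WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_safe(conn, name, since):
    # Placeholders: name and since are sent as values, never parsed as SQL.
    sql = "SELECT name, seen_at FROM visits WHERE name = ? AND seen_at >= ?"
    return conn.execute(sql, (name, since)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print(len(find_unsafe(db, crafted)))                  # every row comes back
    print(find_safe(db, crafted, datetime(2024, 1, 1)))   # treated as a literal name
    print(find_safe(db, "bob", datetime(2024, 1, 1)))     # datetime in, datetime out
```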