Add quotes to every list element

A naive solution would be to iterate over your parameters list and append quotes to the beginning and end of each element:

(', '.join('"' + item + '"' for item in parameters))

Note: this is vulnerable to SQL injection (whether coincidental or deliberate). A better solution is to let the database quote and insert these values:

query = "SELECT * FROM foo WHERE bar IN (%s)" % ','.join('?' * len(params))
cursor.execute(query, params)

It's easier to read and handles quoting properly.

For simple parameters, the following should work:

query = "SELECT * FROM foo WHERE bar IN %s" % repr(tuple(map(str,parameters)))

This may break down when the parameter names themselves include quotes, as the escaping rules are different.