psycopg2 follows the rules for DB-API 2.0 (set down in PEP-249). That means you can do a simple execute from your cursor method and use the pyformat binding style, and it will do the escaping for you. That means the following should be safe (and work):

cursor.execute("SELECT * FROM student WHERE last_name = %(lname)s", {"lname": "Robert'); DROP TABLE Students;--"}

Here are a few examples you might find helpful

cursor.execute('SELECT * from table where id = %(some_id)d', {'some_id': 1234})

Or you can dynamically build your query based on a dict of field name, value:

fields = ', '.join(my_dict.keys())
values = ', '.join(['%%(%s)s' % x for x in my_dict])
query = 'INSERT INTO some_table (%s) VALUES (%s)' % (fields, values)
cursor.execute(query, my_dict)

This does not answer your question, but it does address a side comment in your question.

If you have difficulty reading pages at initd.org, try doing a view-source on the difficult page.

They apparently have a misconfiguration at the server, and it is deliverying plain text as html, and gets the white-space-compression treatment from the browser. View-source doesn't do white space compression.

See the examples directory included with psycopg2. The code samples are very helpful.