Don't do that. If you can script the construction of a where clause, you can construct it with parameter placeholders and pass the parameters without string conversion. You would have code something like this:
idList = list(data['idList2'].getColumnAsList(0))
if idList:
if len(idList) > 1:
q_where = "ticket_ids IN (%s)" % (', '.join(['?'] * len(idList)))
else:
q_where = "ticket_ids = ?"
else:
q_where = "0=1"
sql_query = "Select ...... From tickets Where %s" % q_where
pyds = system.db.runPrepQuery(sql_query, idList, 'myDB')
data['tickets'] = pyds.underlyingDataset
If you need subqueries to go with each ticket, it gets more complicated: