Avoiding SQL Injection Problems

def get_email_fixed(name): 
    import psycopg2
    conn = psycopg2.connect("dbname=dq user=dq")
    cur = conn.cursor()
    # the following query should not allow an SQL injection problem
    cur.execute("SELECT email FROM users WHERE name = %s;", (name,))
    res = cur.fetchall()
    conn.close()
    return res


name_and_address = get_email("Larry Cain' UNION SELECT address FROM users WHERE name = 'Larry Cain")
print(name_and_address)

What I expected to happen:
The code above is given as the solution to preventing SQL injection. I expected that SQL injection would
not be allowed somehow. The last 2 lines are mine and show that SQL injection still happens.

What actually happened:

The output was:
[('[email protected]',), ('58208 Cook Bypass West Benjaminfurt OH 25179',)]

The point of this example was to show that SQL injection won’t happen. What am I missing?

name_and_address = get_email("Larry Cain' UNION SELECT address FROM users WHERE name = 'Larry Cain")

You are calling the old SQL injection vulnerable function get_email you need to be calling get_email_fixed to see that you fixed the vulnerability.