No, that is wrong as you noticed, and also because delete, not delete, should be used.
One way is to save the result of the call to _sql in a variable, then after using that variable, use delete with it.
However, a possibly better way:
std::string _sql(const char *dataIn)
std::string to(strlen(dataIn) * 2);
mysql_real_escape_string(MySQL_Database_Connection__global, &to, dataIn, strlen(dataIn));
Note that names that begin with an underscore followed by a lowercase letter is reserved to the implementation for use in the global and std namespaces, so _sql should be within your own namespace. Actually, if the underscore prefix is just to denote this as a helper function to avoid name conflicts, consider just renaming it (escape_string?) and defining it in an unnamed namespace.
"UPDATE this_table SET this_field = '%s' WHERE this_value = 1 ;",