I don't know that db node but I doubt the format is correct. (I.e you've written js like syntax but I highly doubt it will evaluate the string concatenation with msg.payload)
Try putting a function node before the SQL node and build the SQL and pass it in.
Alternatively - perhaps that node mentions mustache format in its help info?
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy