As you can see from the image, that is NOT valid SQL.
Also, I would strongly recommend using parameters to both simplify this and avoid SQL Injection
Here is a demo I did on another thread: Dashboard and MS SQL database - number and text input nodes - #2 by Steve-Mcl