difference between db.query and db.execute
With .query(), parameter substitution is handled on the client,
including objects which let data = req.body is in the above examples.
With .execute() prepared statement parameters are sent from the client
as a serialized string and handled by the server. Since let data = req.body
is an object, that's not going to work.