1With .query(), parameter substitution is handled on the client,
2including objects which let data = req.body is in the above examples.
3
4With .execute() prepared statement parameters are sent from the client
5as a serialized string and handled by the server. Since let data = req.body
6is an object, that's not going to work.