Node.js & postgres: how would I properly parametrize this query to prevent SQL injection?

Question

I am using the pg library to perform operations on a postgres database. The main function to perform a query is this (where pool is a variable containing authentication info):