Синтаксис ошибок SQL в nodejs

Я написал SQL-запрос в nodejs вот так

router.get('/bookingAppointment', function (req, res, next) {
var specialty = req.query.specialty;
var doctor = req.query.doctor;
var date = req.query.date;
var newdate = date.split('/').reverse().join('-');
var stm = "SELECT numericalOrder, date"
    + "FROM appointment "
    + "WHERE specialty = '" + specialty + "' AND doctor = '" + doctor 
    + "' AND date ='" + newdate + "' AND status = 0 "
    + "ORDER BY numericalOrder asc "
    + "LIMIT 1";
con.query(stm, function (err, results) {
    if (err) throw err;
    res.send(JSON.stringify({ "status": 200, "error": null, "response": results }));
});

});

Но я получаю следующую синтаксическую ошибку SQL

ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE specialty = 'KNTK' AND doctor = 'Nguyễn Văn A' AND date ='2018-7-15' AN' at line 1

Кто-нибудь знает, почему мой запрос прерывается?