Datasette passes extraneous parameters to the sqlite3 connection. A writable canned query will post a csrftoken for security purposes, which ends up as part of the query parameters. DuckDB is strict on the parameters matching the SQL query, so it fails.
While implementing, I discovered:
I added a one off fix for csrftoken. But this happens elsewhere, too: go to https://dux.fly.dev/parquet/geonames_stats and click hide.
Proposal: let's strip parameters that are in the params dict, but not the SQL string