I had some problems with this as well. The execSQL component “second guesses” you in the handling of a comma-delimited list, and places quotes around your list - so what is actually passed to the database is something like:
SELECT FILE_NAME FROM TABLE WHERE FILE_ID IN (“VALUE1,VALUE2,VALUE3,VALUE4,VALUE5”).
To get around it, I had to use the ‘$dbProcessReporterTokens’ parameter (set it to ‘true’).
Then, in your ‘$dbSQL’ parameter, use:
WHERE FILE_ID IN (%value commaDelimitedList%).
(You no longer need to set the $dbParam variables).
The documentation mentions a performance cost associatd with this method, but it hasn’t killed us yet.