Placeholders and Bind Values

Some drivers support placeholders and bind values. *Placeholders*, also called parameter markers, are used to indicate values in a database statement that will be supplied later, before the prepared statement is executed. For example, an application might use the following to insert a row of data into the SALES table:

    INSERT INTO sales (product_code, qty, price) VALUES (?, ?, ?)

or the following, to select the description for a product:

    SELECT description FROM products WHERE product_code = ?

The "?" characters are the placeholders. The association of actual values with placeholders is known as *binding*, and the values are referred to as *bind values*. Note that the "?" is not enclosed in quotation marks, even when the placeholder represents a string.

Some drivers also allow placeholders like ":"*name* and ":"*n* (e.g., ":1", ":2", and so on) in addition to "?", but their use is not portable.

With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it. For example:

    "SELECT name, age FROM ?"         # wrong (will probably fail)
    "SELECT name, ?   FROM people"    # wrong (but may not 'fail')

Also, placeholders can only represent single scalar values. For example, the following statement won't work as expected for more than one value:

    "SELECT name, age FROM people WHERE name IN (?)"    # wrong
    "SELECT name, age FROM people WHERE name IN (?,?)"  # two names

When using placeholders with the SQL "LIKE" qualifier, you must remember that the placeholder substitutes for the whole string. So you should use "... LIKE ? ..." and include any wildcard characters in the value that you bind to the placeholder.
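
The IN-list and LIKE rules above, as an added example that is not part of the DBI documentation. It assumes DBD::SQLite is installed (in-memory database); the `people` rows and the helper names `people_in` and `people_starting_with` are constructed for illustration, and the ESCAPE handling for literal "%" and "_" goes one step beyond what the text covers.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data, not taken from the DBI documentation.
$dbh->do("CREATE TABLE people (name TEXT, age INTEGER)");
my $ins = $dbh->prepare("INSERT INTO people (name, age) VALUES (?, ?)");
$ins->execute(@$_) for (["alice", 30], ["bob", 41], ["al_x", 25], ["alex", 52]);

# IN list: one placeholder per scalar value, generated from the list length.
# Only the "?" markers are interpolated into the SQL text, never the values.
sub people_in {
    my ($dbh, @names) = @_;
    return [] unless @names;                 # an empty "IN ()" is not portable SQL
    my $marks = join ",", ("?") x @names;
    return $dbh->selectcol_arrayref(
        "SELECT name FROM people WHERE name IN ($marks) ORDER BY name",
        undef, @names);
}

# LIKE: the wildcard travels inside the bound value. Escape "%", "_" and the
# escape character itself in the caller's text so they match literally.
sub people_starting_with {
    my ($dbh, $prefix) = @_;
    (my $lit = $prefix) =~ s/([\\%_])/\\$1/g;
    return $dbh->selectcol_arrayref(
        q{SELECT name FROM people WHERE name LIKE ? ESCAPE '\' ORDER BY name},
        undef, $lit . "%");
}

print "IN:    @{ people_in($dbh, 'alice', 'bob') }\n";
print "LIKE:  @{ people_starting_with($dbh, 'al_') }\n";
# A bind value is passed as data, not parsed as SQL, so a quote-laden
# string is compared as a plain name and matches no row.
print "Bound: ", scalar @{ people_in($dbh, "x' OR '1'='1") }, " rows\n";
```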