A parameterized SQL statement contains parameters, or variables, the values of which can be varied at design time or runtime. Parameters can replace data values, such as those used in a WHERE clause for comparisons, that appear in an SQL statement. Ordinarily, parameters stand in for data values passed to the statement. For example, in the following INSERT statement, values to insert are passed as parameters:
INSERT INTO Country (Name, Capital, Population)
VALUES (:Name, :Capital, :Population)
In this SQL statement, :Name, :Capital, and :Population are placeholders for actual values supplied to the statement at runtime by your application. Note that the names of parameters begin with a colon. The colon is required so that the parameter names can be distinguished from literal values. You can also include unnamed parameters by adding a question mark (?) to your query. Unnamed parameters are identified by position, because they do not have unique names.
Before the dataset can execute the query, you must supply values for any parameters in the query text.
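with ABSQuery1 do begin
  DatabaseName := 'emp_db';
  SQL.Text := 'select * from employee where FirstName=:FirstName';
  // Bind the value to the named parameter; it is passed as data, not as SQL text
  Params.ParamByName('FirstName').AsString := 'Leslie';
  Open;
end;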
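The following is an added example, not code from the original page or from Absolute Database. It uses Python's sqlite3 module as a stand-in because it accepts the same colon-prefixed named placeholders and ? positional placeholders, and it shows that a bound value is always compared as data. The table contents, function names and input strings are constructed for illustration.

```python
import sqlite3

def build_db():
    # In-memory table with constructed rows; stands in for the page's employee table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee (FirstName TEXT, LastName TEXT)")
    # Unnamed (?) parameters are matched to values by position.
    con.executemany(
        "INSERT INTO employee (FirstName, LastName) VALUES (?, ?)",
        [("Leslie", "Johnson"), ("Robert", "O'Neil")],
    )
    return con

def find_by_first_name(con, first_name):
    # Named parameter: :FirstName is bound from the dict key of the same name.
    sql = "SELECT FirstName, LastName FROM employee WHERE FirstName = :FirstName"
    return con.execute(sql, {"FirstName": first_name}).fetchall()

def find_by_last_name(con, last_name):
    # Positional parameter: the value never becomes part of the SQL text.
    sql = "SELECT FirstName, LastName FROM employee WHERE LastName = ?"
    return con.execute(sql, (last_name,)).fetchall()

def concat_lookup_fails(con, last_name):
    # Contrast case: splicing the value into the statement lets its quote
    # character change the SQL grammar, so the statement no longer parses.
    sql = "SELECT * FROM employee WHERE LastName = '" + last_name + "'"
    try:
        con.execute(sql).fetchall()
    except sqlite3.OperationalError:
        return True
    return False

def unbound_parameter_rejected(con):
    # Every parameter needs a value before the statement can execute.
    try:
        con.execute("SELECT * FROM employee WHERE FirstName = :FirstName", {})
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(find_by_first_name(db, "Leslie"))
    print(find_by_last_name(db, "O'Neil"))
    print(find_by_first_name(db, "Leslie' OR '1'='1"))  # [] : compared as one literal string
    print(concat_lookup_fails(db, "O'Neil"), unbound_parameter_rejected(db))
```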