This example shows the use of parameter binding. The positional markers (?) in the SQL string are bound to the elements in the list in the third argument of odbc_query_execute_sql/5. The fourth argument is a list of datatypes corresponding to the parameters.
:- use_module(library(odbc)).
example2 :-
odbc_env_open('SQL_OV_ODBC3', EnvHandle),
odbc_db_open('MyDatabase', EnvHandle, ConnectionHandle),
odbc_query_open(ConnectionHandle, StatementHandle),
odbc_query_execute_sql(StatementHandle,
'INSERT INTO scratch (vehicle, wheels) VALUES (?, ?)',
["railwaycar", 8],
['SQL_VARCHAR', 'SQL_INTEGER'],
ResultSet),
odbc_query_close(ResultSet),
odbc_db_close(ConnectionHandle),
odbc_env_close(EnvHandle).