This example shows the use of parameter binding. The positional markers (?) in the SQL string are bound to the elements in the list in the third argument of odbc_query_execute_sql/5. The fourth argument is a list of datatypes corresponding to the parameters.
:- use_module(library(odbc)). example2 :- odbc_env_open('SQL_OV_ODBC3', EnvHandle), odbc_db_open('MyDatabase', EnvHandle, ConnectionHandle), odbc_query_open(ConnectionHandle, StatementHandle), odbc_query_execute_sql(StatementHandle, 'INSERT INTO scratch (vehicle, wheels) VALUES (?, ?)', ["railwaycar", 8], ['SQL_VARCHAR', 'SQL_INTEGER'], ResultSet), odbc_query_close(ResultSet), odbc_db_close(ConnectionHandle), odbc_env_close(EnvHandle).