You can prepare statements that are allowed to have parameters for which the value is not specified when the statement is prepared using PreparedStatement methods in the JDBC API. These parameters are called dynamic parameters and are represented by a question mark (?).
The JDBC API documentation refers to dynamic parameters as IN, INOUT, or OUT parameters. In SQL, they are always IN parameters.
You must specify values for dynamic parameters before executing the statement. The values specified must match the types expected.