This usually implies a prepared statement, where the parameters are filled in later. (see e.g. http://en.wikipedia.org/wiki/Prepared_statements#Parameterized_statements).

这通常意味着一个准备好的语句，参数在后面填充。（参见例如http://en.wikipedia.org/wiki/Prepared_statements#Parameterized_statements）。

what exactly this query means i means what is the use of ? in this statement.

这个查询到底是什么意思我的意思是有什么用？在这份声明中。

The question marks are for parameters.

问号用于参数。

and one thing more what is use of & in sql.

还有一件事是什么在 sql 中使用 & 。

& is a bitwise AND operator in sql

& 是 sql 中的按位 AND 运算符

& usually denotes a variable or substitution value which you may be prompted for at run time

& 通常表示在运行时可能会提示您输入的变量或替换值

Question marks are found in prepared statements, meaning it is parametrized and can be called again and again without having to reconstruct the whole sql statement, just by changing the parameters. Some frameworks use those that together with SqlCommands. Those encapsulate escaping and prevent sql injection attacks.

在准备好的语句中可以找到问号，这意味着它是参数化的，可以一次又一次地调用，而无需重新构建整个 sql 语句，只需更改参数即可。一些框架将那些与 SqlCommands 一起使用。那些封装转义并防止sql注入攻击。

Some frameworks also allow named parameters.

一些框架还允许命名参数。

The question marks are supposed to contain the actual parameters.

问号应该包含实际参数。

E.g.

例如

"select milk_rate from special_milk_rate 
        where code_producer_id=2 and effective_from <= '20101231' 
        and effective_till >= '20110124'"

Here is nice article:

这是一篇不错的文章：

http://publib.boulder.ibm.com/infocenter/idshelp/v10/topic/com.ibm.sqls.doc/sqls610.htm#sii-02prep-18104

http://publib.boulder.ibm.com/infocenter/idshelp/v10/topic/com.ibm.sqls.doc/sqls610.htm#sii-02prep-18104

In some statements, parameters are unknown when the statement is prepared because a different value can be inserted each time the statement is executed. In these statements, you can use a question-mark ( ? ) placeholder where a parameter must be supplied when the statement is executed.

在某些语句中，在准备语句时参数是未知的，因为每次执行语句时都可以插入不同的值。在这些语句中，您可以使用问号 ( ? ) 占位符，其中在执行语句时必须提供参数。