SQL parametrisation lets you put variables into your SQL statements. Replace each variable part of the statement with a named placeholder such as ':variable'; when you execute the statement you will be prompted for the value of every placeholder, so the same statement can be re-run with different values without editing it.
An example:
SELECT * FROM customer WHERE last_name = :last_name ;
When you execute this SQL, you will be asked for a value for ':last_name'. The value is inserted with quotes around it unless it can be read as an int or a float, in which case it is inserted unquoted, as a number. If a numeric-looking value must be treated as a string anyway (for example a value such as '007', which would otherwise become the number 7 and no longer match the stored text), tick the "Quote Value" checkbox to force the quotes around the value.
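The following is an added example, not code from the original page or from the tool it describes. It uses Python's built-in sqlite3 module, which accepts the same ':last_name' placeholder syntax, to show two things: the page's query run with a driver-level bound parameter (the value is always treated as data, so a quote or an injection-style string in the value cannot change the statement), and a small model of the page's quoting rule (quote unless the value looks like an int or float, with a "Quote Value" override) applied by textual substitution, which makes the '007' case visible. The customer rows, the `looks_numeric` regex and the `force_quote` flag are assumptions made for this example, not the tool's actual implementation.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the original page).
ROWS = [("Smith", "Alice"), ("007", "James"), ("O'Brien", "Pat")]


def make_db():
    """In-memory customer table with a TEXT last_name column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (last_name TEXT, first_name TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?)", ROWS)
    return conn


def find_bound(conn, last_name):
    """The page's query with a real named bind parameter.

    The driver sends the value separately from the statement text, so the
    value is never parsed as SQL: '007' stays the string '007', and a value
    such as "' OR '1'='1" simply matches no row.
    """
    cur = conn.execute(
        "SELECT first_name FROM customer WHERE last_name = :last_name",
        {"last_name": last_name},
    )
    return [row[0] for row in cur.fetchall()]


# Assumed model of "can be expressed as an int or a float": an optional sign,
# digits, and an optional decimal part. A plain float() check would also
# accept 'nan' and 'inf', which would become bare identifiers in the SQL.
_NUMERIC = re.compile(r"-?\d+(\.\d+)?")


def looks_numeric(text):
    return _NUMERIC.fullmatch(text) is not None


def render_value(text, force_quote=False):
    """Model of the page's rule: quote unless numeric, unless Quote Value is ticked.

    Single quotes inside the value are doubled, the standard SQL escape for
    a quote inside a string literal.
    """
    if looks_numeric(text) and not force_quote:
        return text
    return "'" + text.replace("'", "''") + "'"


def find_substituted(conn, text, force_quote=False):
    """The same query with the value spliced into the statement text.

    With force_quote=False the value '007' is inserted as the number 007,
    which SQLite reads as 7 and compares as the text '7', so the row whose
    last_name is '007' is not found. With force_quote=True it is inserted
    as '007' and matches.
    """
    sql = "SELECT first_name FROM customer WHERE last_name = " + render_value(
        text, force_quote
    )
    return [row[0] for row in conn.execute(sql).fetchall()]


if __name__ == "__main__":
    db = make_db()
    print("bound  '007'          ->", find_bound(db, "007"))
    print("subst  007 (unquoted) ->", find_substituted(db, "007"))
    print("subst  '007' (quoted) ->", find_substituted(db, "007", force_quote=True))
    print("bound  O'Brien        ->", find_bound(db, "O'Brien"))
    print("bound  injection str  ->", find_bound(db, "' OR '1'='1"))
```

Run it and the unquoted substitution of 007 returns nothing while the bound parameter and the force-quoted substitution both return James; that gap is exactly what the "Quote Value" checkbox exists to close. Where the tool you use offers true bind parameters rather than text substitution, prefer them, since the database then never has to parse the value at all.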