I don't think you need to worry about using parameters on the query itself... you can do it simply with concatenated strings like so...
function InsertToDb(var1 ,var2)
{
var Qry;
Qry = ADO.CreateADOQuery();
var conStr = SQLUtilities.ConnectionString;
Qry.ConnectionString = conStr;
try
{
Qry.SQL = "INSERT INTO example (column1,column2) VALUES (\'" + var1 + "\',\'" + var2 +"\')"
Qry.ExecSQL();
}
catch(e )
{
Log.Error(e.description);
}
Qry.Close();
}
Note that, in my example, I'm assuming Var1 and Var2 are strings so I needed to include the "\'" special character in order to designate the string identifiers.