How can I use variables when running an SQL query