Parameters are handed over to the database server as typed values along with the SQL statement at execution time. Before a statement is handed over to the database server, it is rewritten to use JDBC parameter markers ('?') as follows:
Example
SELECT * FROM table WHERE column IN (:list)
with 3 elements in the list is rewritten to
SELECT * FROM table WHERE column IN (?,?,?)
The last rule provides a valid SQL statement for an empty list. Note that if the list of values is empty, both IN and NOT-IN predicates return the same result: UNKNOWN and not FALSE.