Old 02-01-09, 11:32
steve.muench
Registered User
 
Join Date: Jan 2009
Posts: 3
There are lexical (i.e. string substitution) parameters (&paramName) and SQL bind variables (:paramName). JDeveloper/ADF does not support lexical substitution parameters since, in general, allowing the end-user to supply values for lexical substitution variables exposes your application to so-called SQL-injection attacks. A carefully crafted value can allow an end-user to see data they shouldn't otherwise be allowed to see. It would be possible to achieve a similar effect, but would require some programming to perform the string substitution in Java. Generally we recommend using proper SQL bind variables so that your application data stays safe from SQL-injection attacks.

Are you using the string substitution so that a developer can supply a comma-separated list of keys to be substituted into an IN(...) clause? Or some other use case?
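An added example, not part of the post above and not ADF or JDeveloper code, that contrasts the two parameter styles the post describes and covers the IN(...) use case it asks about. It uses Python's sqlite3 module and a constructed `emp` table as a stand-in for the Oracle/Java stack: the post's `&paramName` lexical substitution is modelled with string formatting, and its `:paramName` bind variable with a named placeholder. The department value `ENG' OR '1'='1` is a constructed input chosen to show why the two behave differently.

```python
import sqlite3

# Constructed sample data (not from the original post).
SAMPLE_ROWS = [
    (1, "alice", "HR"),
    (2, "bob", "ENG"),
    (3, "carol", "ENG"),
    (4, "dave", "SALES"),
]


def open_sample_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emp (id INTEGER, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO emp VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def by_dept_lexical(conn, dept):
    """Lexical (&param-style) substitution: the caller's value is spliced into
    the SQL text, so whatever it contains becomes part of the statement."""
    sql = "SELECT id FROM emp WHERE dept = '%s'" % dept
    return sorted(row[0] for row in conn.execute(sql))


def by_dept_bound(conn, dept):
    """SQL bind variable (:param-style): the value travels separately from the
    statement text and can only ever be compared as a literal string."""
    sql = "SELECT id FROM emp WHERE dept = :dept"
    return sorted(row[0] for row in conn.execute(sql, {"dept": dept}))


def by_ids_bound(conn, csv_keys):
    """The IN(...) use case without lexical substitution: parse the
    comma-separated key list in application code, then bind one placeholder
    per key. Non-numeric keys raise ValueError instead of reaching the SQL."""
    keys = [int(k.strip()) for k in csv_keys.split(",") if k.strip()]
    if not keys:
        return []
    placeholders = ",".join("?" for _ in keys)
    sql = "SELECT id FROM emp WHERE id IN (%s)" % placeholders
    return sorted(row[0] for row in conn.execute(sql, keys))


if __name__ == "__main__":
    db = open_sample_db()
    crafted = "ENG' OR '1'='1"  # constructed input for the demonstration
    print("lexical, normal value :", by_dept_lexical(db, "ENG"))
    print("lexical, crafted value:", by_dept_lexical(db, crafted))
    print("bound,   crafted value:", by_dept_bound(db, crafted))
    print("IN list via binding   :", by_ids_bound(db, "1, 3"))
```

With the bind variable the crafted value simply matches no department; with lexical substitution the same value rewrites the WHERE clause and returns every row, which is the exposure the post warns about. Building the IN(...) clause from one placeholder per parsed key keeps the key list under application control while still letting the database see only bound values.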