You can bind variables, if I remember well, not with named parameters (like :something), but with '?' (positional param) instead in your sql query, so variables are queued in the order they appear in the query, you map first param with first '?', and so on...
SELECT column FROM table WHERE value in (?, ?, ?, ?)