Before executing a database query, query parameters are parsed and escaped in the method formatValue in SqlPreprocessor. If the param is of type string, it is then passed to PDO::quote().
However, according to PHP.net, PDO::quote() is not implemented by PDO_ODBC:
Not all PDO drivers implement this method (notably PDO_ODBC). Consider using prepared statements instead.
As a result, queries with ? placeholders for string params are stripped off the placeholders, but the actual param values are not filled in. Therefore the preprocessed query produces an SQL syntax error.