QueryAll and QueryOne work okay with strings. 

But I'd like to be able to pass parameterized queries to them.  Am I correct that this is not supported?  What are my options?

I.e. something like this: 
queryAll('select * from stocks where symbol=?', (symbol,))

(My actual queries are much more complicated, of course).

I am using PostgreSQL, if it matters.