In the ExecuteSQL task the '?' symbol is a placeholder for parameters. You can map parameters to these placeholders using the ExecuteSQL Task Editor dialog. Don't forget, if it is an output parameter, to use the word OUTPUT as you would in any call to a stored proc with an output parameter.
Judging by your use of an ActiveX script task, you are obviously using DTS2000, in which case this is the wrong forum on which to place this question. Try the regular Data Warehousing-->DTS forum!
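
The placeholder and OUTPUT usage described in the reply above, as an added example that is not part of the original post. It assumes an OLE DB connection manager (where parameters are named by ordinal); the procedure, table and variable names are hypothetical.

```sql
-- Hypothetical procedure with one input and one output parameter.
CREATE PROCEDURE dbo.usp_GetOrderCount
    @CustomerId INT,
    @OrderCount INT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT @OrderCount = COUNT(*)
    FROM dbo.Orders                 -- hypothetical table
    WHERE CustomerId = @CustomerId; -- value arrives as a bound parameter, not as SQL text
END;
GO

-- Plain T-SQL call: OUTPUT is required at the call site as well as in the
-- definition; without it the value is not passed back to @n.
DECLARE @n INT;
EXEC dbo.usp_GetOrderCount @CustomerId = 42, @OrderCount = @n OUTPUT;
SELECT @n AS OrderCount;
GO

-- The same call as the SQLStatement of an Execute SQL Task. Each '?' is a
-- positional placeholder, and the second one carries the OUTPUT keyword:
--
--   EXEC dbo.usp_GetOrderCount ?, ? OUTPUT
--
-- Parameter Mapping page of the task editor (OLE DB: Parameter Name is the
-- zero-based position of the '?' it binds to; variables are hypothetical):
--
--   Variable Name       Direction   Data Type   Parameter Name
--   User::CustomerId    Input       LONG        0
--   User::OrderCount    Output      LONG        1
```

Because the values are bound through the mapped parameters, package variable contents never become part of the statement text.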