Don't parse SQL statements

NamedParameterStatement parses the SQL string. There is no need, and error prone. There could be vendor specific extensions, weird pl/sql syntax that will fail. There should be no need to figure out what indexes/fields there are in the statement. Bindings should take care of them.
