In my comment on @ZERO's answer (repeated here as an answer, so it is not forgotten by SSIS beginners).
The OP question is used heavily for SSIS property expressions.
To pass SSIS variables to the query string, you can combine it into an expression set for the SqlStatementSource property:
"INSERT INTO MYLOG (COL1) SELECT " + @[System::MachineName]
This does not mean that the accepted answer is not a good template, since, as a rule, a parameterized approach is safer (against SQL injection) and faster (when reused) than directly manipulating the query string. But for a system variable (as opposed to a user-entered string), this solution should be safe from SQL injection, and it will be about as fast or faster than a parameterized query if it is reused (since the machine name does not change).
source share