- try(Statement stmt = conn.createStatement()) {\r
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
- try(ResultSet rs = stmt.executeQuery(sql)) {\r
+ try (PreparedStatement stmt = conn\r
+ .prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {\r
+ stmt.setString(1, k);\r
+ try (ResultSet rs = stmt.executeQuery()) {\r