- Statement stmt = conn.createStatement();\r
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = \"" + k + "\"";\r
- ResultSet rs = stmt.executeQuery(sql);\r
- if (rs.next()) {\r
- v = new Parameters(rs);\r
+ try (PreparedStatement stmt = conn\r
+ .prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {\r
+ stmt.setString(1, k);\r
+ try (ResultSet rs = stmt.executeQuery()) {\r
+ if (rs.next()) {\r
+ v = new Parameters(rs);\r
+ }\r
+ }\r