- try(Statement stmt = conn.createStatement()) {\r
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
- try(ResultSet rs = stmt.executeQuery(sql)) {\r
+ try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {\r
+ stmt.setString(1, k);\r
+ try(ResultSet rs = stmt.executeQuery()) {\r