try {\r
DB db = new DB();\r
Connection conn = db.getConnection();\r
- try(Statement stmt = conn.createStatement()) {\r
- try(ResultSet rs = stmt.executeQuery("select COUNT(*) from FEEDS where FEEDID = " + id)) {\r
+ try(PreparedStatement stmt = conn.prepareStatement("select COUNT(*) from FEEDS where FEEDID = ?")) {\r
+ stmt.setInt(1, id);\r
+ try(ResultSet rs = stmt.executeQuery()) {\r
if (rs.next()) {\r
count = rs.getInt(1);\r
}\r