@SuppressWarnings("resource")\r
Connection conn = db.getConnection();\r
Statement stmt = conn.createStatement();\r
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = \"" + k + "\"";\r
+ String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
ResultSet rs = stmt.executeQuery(sql);\r
if (rs.next()) {\r
v = new Parameters(rs);\r