- public static Parameters getParameter(String k) {\r
- Parameters v = null;\r
- try {\r
- DB db = new DB();\r
- @SuppressWarnings("resource")\r
- Connection conn = db.getConnection();\r
- Statement stmt = conn.createStatement();\r
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
- ResultSet rs = stmt.executeQuery(sql);\r
- if (rs.next()) {\r
- v = new Parameters(rs);\r
+ public static Parameters getParameter(String key) {\r
+ Parameters val = null;\r
+ DB db = new DB();\r
+ String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?";\r
+ try (Connection conn = db.getConnection();\r
+ PreparedStatement stmt = conn.prepareStatement(sql)) {\r
+ stmt.setString(1, key);\r
+ try (ResultSet rs = stmt.executeQuery()) {\r
+ if (rs.next()) {\r
+ val = new Parameters(rs);\r
+ }\r