From c5d9174ab2a06e07a6382b473ab35d6a0a6d13a5 Mon Sep 17 00:00:00 2001
From: Mobb autofixer <git@mobb.ai>
Date: Wed, 17 Dec 2025 07:36:45 +0000
Subject: [PATCH] mobb fix commit: 93054338-d853-4030-8c9a-47cb3c586cc6

---
 .../sqlinjection/introduction/SqlInjectionLesson2.java        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
index 5540f31a4f..08881b20f2 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
@@ -61,8 +61,8 @@ public AttackResult completed(@RequestParam String query) {
 
   protected AttackResult injectableQuery(String query) {
     try (var connection = dataSource.getConnection()) {
-      Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
-      ResultSet results = statement.executeQuery(query);
+      java.sql.PreparedStatement statement = connection.prepareStatement(query, TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
+      ResultSet results = statement.executeQuery();
       StringBuilder output = new StringBuilder();
 
       results.first();