From 6dfa65139c4b8020c7c06e8d17bb6748e3366e3f Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 18 Dec 2025 19:23:32 +0000
Subject: [PATCH] mobb fix commit: 69ad73f0-8761-4f0c-a571-11c3f51a808e
---
 .../sqlinjection/introduction/SqlInjectionLesson4.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
index 2299becc49..a6606754b9 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
@@ -57,9 +57,9 @@ public AttackResult completed(@RequestParam String query) {
 protected AttackResult injectableQuery(String query) {
 try (Connection connection = dataSource.getConnection()) {
- try (Statement statement =
- connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
- statement.executeUpdate(query);
+ try (java.sql.PreparedStatement statement =
+ connection.prepareStatement(query, TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
+ statement.executeUpdate();
 connection.commit();
 ResultSet results = statement.executeQuery("SELECT phone from employees;");
 StringBuilder output = new StringBuilder();
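Review bot: The unchanged `statement.executeQuery("SELECT phone from employees;")` right after `connection.commit()` now runs on a `PreparedStatement`, and JDBC specifies that `executeQuery(String)` throws `SQLException` when called on one, so the verification step will likely fail at runtime. The change also leaves the injection in place: `connection.prepareStatement(query, ...)` still takes the caller's whole `query` string as the SQL text with no `?` placeholders bound, so it executes exactly what `executeUpdate(query)` did before. Since the method is named `injectableQuery` and lives in a WebGoat lesson package, running free-form SQL looks intentional; I would drop this change and record the scanner finding as accepted, with a comment such as `// Intentionally runs the learner-supplied SQL as written (lesson exercise).` If the prepared statement is kept anyway, the fixed SELECT needs its own `Statement` from `connection.createStatement(...)`. The body of `injectableQuery` continues past the end of the hunk.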