From 9ebe59f943a203cf4ddb40006f74edbc1262719f Mon Sep 17 00:00:00 2001
From: Mobb autofixer <git@mobb.ai>
Date: Mon, 26 Jan 2026 09:16:50 +0000
Subject: [PATCH] mobb fix commit: 1b2a804e-ee6e-412e-8287-b677b1e2fcf1

---
 .../sqlinjection/introduction/SqlInjectionLesson4.java      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
index 2299becc49..a6606754b9 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
@@ -57,9 +57,9 @@ public AttackResult completed(@RequestParam String query) {
 
   protected AttackResult injectableQuery(String query) {
     try (Connection connection = dataSource.getConnection()) {
-      try (Statement statement =
-          connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
-        statement.executeUpdate(query);
+      try (java.sql.PreparedStatement statement =
+          connection.prepareStatement(query, TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
+        statement.executeUpdate();
         connection.commit();
         ResultSet results = statement.executeQuery("SELECT phone from employees;");
         StringBuilder output = new StringBuilder();