From 06b7c64fdfd877cbb15cf99f61506377e8f55fd8 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Tue, 27 Aug 2024 16:07:40 +0000
Subject: [PATCH] mobb fix commit: 775d446f-a3c3-469b-a194-e25c3ed0672f
---
 src/main/java/SQLInjectionExample.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index edb9bc4..8886abb 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -1,3 +1,4 @@
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -11,10 +12,11 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 try {
 Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
- String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";
- Statement stmt = con.createStatement();
+ String query = "SELECT * FROM users WHERE username = ?;";
+ PreparedStatement stmt = con.prepareStatement(query);
- stmt.executeQuery(query);
+ stmt.setString(1, request.getParameter("username"));
+ stmt.executeQuery();
 } catch (Exception e) {
 throw new ServletException(e);
 }
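Review bot: The added `import java.sql.PreparedStatement;` is correct, but the import that served the removed `Statement stmt` line (presumably `java.sql.Statement` or a `java.sql.*` wildcard, below the three visible context lines) is not touched by this hunk; if nothing else in the file still references `Statement`, that now-unused import should be dropped in the same change. Parameterizing the query also leaves the new `PreparedStatement stmt` and the `Connection con` it comes from never closed on any visible path, so declaring both in a try-with-resources, `try (Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");` / `PreparedStatement stmt = con.prepareStatement(query)) {`, would close that leak without changing the fix. The second hunk continues past the visible lines, so the end of doGet is not in view here.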