Xygeni SAST java.sql_injection issues ...on/SqlInjectionLesson8.java 142 #2

Closed
julioxygeni wants to merge 1 commit into main from xygeni/SAST/java_sql_injection/___on/SqlInjectionLesson8_java_142_dS61EYtA

@julioxygeni
Owner

Fixed java.sql_injection issues in src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java at line 142


  • java.sql_injection : 142
    • Fix: The SQL query was modified to use a PreparedStatement instead of a Statement. This change involves using placeholders (?) in the SQL query and setting the values using setString methods. This prevents SQL injection by ensuring that user inputs are treated as data rather than executable code.
    • Guide: Always use PreparedStatement for executing SQL queries with user inputs. This helps in preventing SQL injection attacks by parameterizing the query and separating SQL logic from data.

…ons/sqlinjection/introduction/SqlInjectionLesson8.java and line 142