diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index 903f009..fc02cc8 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -7,11 +7,12 @@ public static void main(String[] args) throws SQLException {
 // ó
 Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db", "root", "root");
 // ó
- String query = "SELECT * FROM users WHERE username = '" + userInputA + "';";
+ String query = "SELECT * FROM users WHERE username = ?;";
 // ó
- Statement stmt = con.createStatement();
+ PreparedStatement stmt = con.prepareStatement(query);
 // ó
- ResultSet rs = stmt.executeQuery(query);
+ stmt.setString(1, userInputA);
+ ResultSet rs = stmt.executeQuery();
 while (rs.next()) {
 String username = rs.getString("username");