diff --git a/docs/codemods/java/pixee_java_sql-parameterizer.md b/docs/codemods/java/pixee_java_sql-parameterizer.md
index 6283e7a..7649a10 100644
--- a/docs/codemods/java/pixee_java_sql-parameterizer.md
+++ b/docs/codemods/java/pixee_java_sql-parameterizer.md
@@ -18,7 +18,7 @@ Our changes look something like this:
 ```diff
 - Statement stmt = connection.createStatement();
 - ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE name = '" + user + "'");
-+ PreparedStatement stmt = connection.prepareStatement();
++ PreparedStatement stmt = connection.prepareStatement("SELECT * FROM users WHERE name = ?");
 + stmt.setString(1, user);
 + ResultSet rs = stmt.executeQuery();
 ```