To prevent SQL Injection we should write parameterized queries. In Java, we can write a parameterized query using the PreparedStatement interface. But this interface supports passing parameters to the query only by index, not by name. Let's take a look at how
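The following is an added example, not code from the original post: a small wrapper class that accepts `:name` placeholders, rewrites them to the positional `?` markers that `PreparedStatement` understands, and remembers which indexes each name maps to. Only the placeholder tokens are rewritten at parse time; the bound values still travel through `PreparedStatement` setters and are never concatenated into the SQL text, so the query remains parameterized. The class name `NamedParameterStatement`, its `parse` helper and the `example` method are assumptions of this example; `connection` is assumed to be an open JDBC `Connection` and the `users` table is a constructed sample schema.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Minimal named-parameter wrapper over PreparedStatement (example code).
 * Parses ":name" placeholders out of the SQL text once, replaces them with
 * JDBC "?" markers, and records which 1-based index each name maps to.
 * Parameter values never touch the SQL string; they go through the
 * PreparedStatement setters, so the statement stays parameterized.
 */
public final class NamedParameterStatement implements AutoCloseable {
    private final PreparedStatement statement;
    private final Map<String, List<Integer>> indexesByName;

    public NamedParameterStatement(Connection connection, String namedSql) throws SQLException {
        Map<String, List<Integer>> indexes = new LinkedHashMap<>();
        String jdbcSql = parse(namedSql, indexes);
        this.indexesByName = indexes;
        this.statement = connection.prepareStatement(jdbcSql);
    }

    /** Rewrites ":name" tokens to "?" and records their positions in 'indexes'. */
    static String parse(String sql, Map<String, List<Integer>> indexes) {
        StringBuilder out = new StringBuilder(sql.length());
        int position = 1;
        boolean inQuote = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                // Do not rewrite ":x" that appears inside a string literal.
                inQuote = !inQuote;
                out.append(c);
            } else if (!inQuote && c == ':' && i + 1 < sql.length()
                       && Character.isJavaIdentifierStart(sql.charAt(i + 1))) {
                int j = i + 1;
                while (j < sql.length() && Character.isJavaIdentifierPart(sql.charAt(j))) {
                    j++;
                }
                String name = sql.substring(i + 1, j);
                // The same name may occur more than once; bind all of its positions.
                indexes.computeIfAbsent(name, k -> new ArrayList<>()).add(position++);
                out.append('?');
                i = j - 1;
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Binds a value to every occurrence of the named placeholder. */
    public NamedParameterStatement setObject(String name, Object value) throws SQLException {
        List<Integer> positions = indexesByName.get(name);
        if (positions == null) {
            throw new IllegalArgumentException("Unknown parameter: " + name);
        }
        for (int position : positions) {
            statement.setObject(position, value);
        }
        return this;
    }

    public ResultSet executeQuery() throws SQLException { return statement.executeQuery(); }

    public int executeUpdate() throws SQLException { return statement.executeUpdate(); }

    @Override
    public void close() throws SQLException { statement.close(); }

    /** Usage sketch; 'connection' is assumed to be an open JDBC Connection. */
    static void example(Connection connection) throws SQLException {
        // Constructed sample query: ":who" is used twice but bound once by name.
        String sql = "SELECT id, email FROM users WHERE status = :status"
                   + " AND (created_by = :who OR updated_by = :who)";
        try (NamedParameterStatement stmt = new NamedParameterStatement(connection, sql)) {
            // A value containing a quote character is bound, not interpolated,
            // so it is treated strictly as data by the database.
            stmt.setObject("status", "active").setObject("who", "o'brien");
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getLong("id") + " " + rs.getString("email"));
                }
            }
        }
    }
}
```

For the constructed query above, `parse` produces `SELECT id, email FROM users WHERE status = ? AND (created_by = ? OR updated_by = ?)` and records `status -> [1]`, `who -> [2, 3]`, so a single `setObject("who", ...)` call binds both positions. The quote tracking in `parse` keeps a literal such as `'12:30'` intact; a `::` cast is left untouched because the character after the first colon is not an identifier start.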