Potential fix for code scanning alert no. 46: Query built from user-controlled sources

Fix SQL injection in Benchmark00839.java:75

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: davewichers

src/main/java/org/owasp/benchmark/testcode/Benchmark00839.java

@@ -72,14 +72,15 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
         bar = (7 * 42) - num > 200 ? "This should never happen" : param;
 
-        String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='" + bar + "'";
+        String sql = "SELECT * from USERS where USERNAME=? and PASSWORD=?";
 
         try {
             java.sql.Connection connection =
                     org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
             java.sql.PreparedStatement statement =
                     connection.prepareStatement(sql, new String[] {"Column1", "Column2"});
             statement.setString(1, "foo");
+            statement.setString(2, bar);
             statement.execute();
             org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
         } catch (java.sql.SQLException e) {