Understanding the Issue with PreparedStatement setString: Avoiding SQL Injection Attacks with Parameterized Queries