Is it possible to exploit prepared statements that both join strings and use parameters? If it is possible, how?
PreparedStatement prepstmt = conn.prepareSt
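The short answer is that a `?` placeholder protects only the value bound to it. Everything that was concatenated into the SQL string before `prepareStatement()` is parsed as SQL text, so a prepared statement is only as safe as the string it was prepared from. The following Java example is added here by the editor and is not the asker's code; it assumes a hypothetical `users` table with columns `id`, `name`, `status` and `created_at`. It shows the common reason people mix concatenation with parameters (an `ORDER BY` column, which JDBC cannot bind as a parameter) in both its weak and its hardened form.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class OrderByExample {

    // Weak pattern: the WHERE value is bound through '?', but the sort column
    // is pasted into the statement text. The database parses that text as
    // SQL, so the parameter offers no protection for the concatenated part.
    static PreparedStatement weak(Connection conn, String status, String sortColumn)
            throws SQLException {
        String sql = "SELECT id, name FROM users WHERE status = ? ORDER BY " + sortColumn;
        PreparedStatement ps = conn.prepareStatement(sql);
        ps.setString(1, status);   // only this value is parameterised
        return ps;
    }

    // Hypothetical allow-list of column names the application is willing to sort by.
    private static final Set<String> ALLOWED_SORT_COLUMNS = Set.of("id", "name", "created_at");

    // Returns true only for an exact allow-listed identifier; anything else is rejected.
    static boolean isAllowedSortColumn(String sortColumn) {
        return sortColumn != null && ALLOWED_SORT_COLUMNS.contains(sortColumn);
    }

    // Hardened pattern: the identifier still has to be concatenated (JDBC cannot
    // bind column names), but it is constrained to a fixed set of known-good
    // values first, so attacker-controlled text never reaches the SQL string.
    static PreparedStatement hardened(Connection conn, String status, String sortColumn)
            throws SQLException {
        if (!isAllowedSortColumn(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortColumn);
        }
        String sql = "SELECT id, name FROM users WHERE status = ? ORDER BY " + sortColumn;
        PreparedStatement ps = conn.prepareStatement(sql);
        ps.setString(1, status);
        return ps;
    }

    public static void main(String[] args) {
        // Constructed inputs; no database connection is needed to exercise the check.
        System.out.println(isAllowedSortColumn("name"));          // true
        System.out.println(isAllowedSortColumn("created_at"));    // true
        System.out.println(isAllowedSortColumn("name; -- x"));    // false: not an exact match
        System.out.println(isAllowedSortColumn(""));              // false
    }
}
```

When reviewing code like the original `prepstmt`, the check to make is simple: trace every string that is concatenated into the SQL text and confirm it comes from a constant or an allow-list, never from request data. The `?` parameters can be ignored for that purpose, because they are the part that is already safe.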