PreparedStatement使用注意

String sql = "SELECT value from user where" + 
"`" + idField + "`" + "=?";
st = (PreparedStatement) connection.prepareStatement(sql);
st.setString(1, "0001");
rs = st.executeQuery(sql);//此处会报错！

String sql = "SELECT value from user where" + "`" + idField + "`" + "=?";
st = (PreparedStatement) connection.prepareStatement(sql);
st.setString(1, "0001");
rs = st.executeQuery(sql);//此处会报错！

mysql报错如下：
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1

解决办法：
将rs = st.executeQuery(sql)改为rs = st.executeQuery()