Statements hacken

public class Main {
    public static void main(String[] args) throws SQLException {
        HikariDataSource ds = HikariSetup.createDataSource();

		// Change the title to inject a condition that will allow reading all books
        String titleParameter = "To Kill a Mockingbird";

        String query = "SELECT * FROM books WHERE title = '" +  titleParameter + "'";

        try (Connection conn = ds.getConnection()) {
            Statement stmt = conn.createStatement();
            ResultSet rs = stmt.executeQuery(query);
            while (rs.next()) {
                System.out.printf("ID: %d, Title: %s (%d)%n", rs.getInt("book_id"), rs.getString("title"), rs.getInt("publication_year"));
            }
        }
    }
}