Java 后台sql注入

JdbcTemplate.update(sql, ArrayList.toArray())

Connection conn = null;
PreparedStatement ps = null;
conn = JdbcUtils.getConnection();
String sql = "select id,name,birthday,money from user where name=?";
ps = conn.prepareStatement(sql);
ps.setString(1, name);
rs = ps.executeQuery();