Reports calls to java.sql.Statement.execute(), or any
of its variants, which take a dynamically-constructed string as the query to execute.
Constructed SQL statements are a common source of security breaches.
By default this inspection ignores compile-time constants.
Use the checkbox below to consider any static final fields as constant.
Be careful, because strings like the following will be ignored when the option is enabled:
private static final String SQL =
"SELECT * FROM user WHERE name='" + getUserInput() + "'";