It is recommended to replace java.sql.Statement with java.sql.PreparedStatement.

DDMQ/rocketmq/broker/src/main/java/org/apache/rocketmq/broker/transaction/jdbc/JDBCTransactionStore.java

Line 128 in 2f30b61

statement.execute(sql);

It is recommended to replace java.sql.Statement with java.sql.PreparedStatement.

You are right, thank you for your suggestion.