Is SQL injection possible in the below code? String username = request.getParameter(“username”); String password = request.getParameter(“password”); conn = pool.getConnection( ); PreparedStatement pstmt = conn.prepareStatement(“select * from user where username=”+username+” and password=”+password); pstmt.execute(); rs = pstmt.getResultSet();