CWE-89：对SQL命令（“ SQL注入”）中使用的特殊元素进行不正确的中和

Question

我收到以下警告：

  

CWE-89：在insertCount = aBatchPstmt.executeBatch（）;处对SQL命令（“ SQL注入”）异常中使用的特殊元素进行了不正确的中和。使用参数化查询可以防止SQL注入

我相信我遵循了建议，但仍然看到相同的消息。  我该如何解决？

    int[] insertCount = null;
    if (stmtLogList.size() > 0) {
        Connection dbConnection = getDBConnection();
        PreparedStatement aBatchPstmt = null;
        try {

            String anInsertQuery = "INSERT INTO " + getDBName() + ".dbo."
                    + "statementGenerationlog  (CountryCode,CIFNumber,FileName,ZipFilename,Status,BatchRunDate,logDesc,FileType) values (?,?,?,?,?,?,?,?)";

            aBatchPstmt = dbConnection.prepareStatement(anInsertQuery);
            for (StatementGenerationLogBean aLogDetails : stmtLogList) {
                aBatchPstmt.setString(1, aLogDetails.getCountryCode());
                aBatchPstmt.setString(2, aLogDetails.getCifNumber());
                aBatchPstmt.setString(3, aLogDetails.getFileName());
                aBatchPstmt.setString(4, aLogDetails.getZipFileName());
                aBatchPstmt.setInt(5, aLogDetails.getStatus());
                aBatchPstmt.setString(6, aLogDetails.getBatchRunDate());
                aBatchPstmt.setString(7, aLogDetails.getLogDesc());
                aBatchPstmt.setString(8, aLogDetails.getFileType());
                aBatchPstmt.addBatch();
            }
            insertCount = aBatchPstmt.executeBatch();

        } finally {
            closeDB(dbConnection);
            closePreparedStatement(aBatchPstmt);
        }
    }
    return insertCount;

}