diff --git a/src/main/rules/GCI72/java/GCI72.asciidoc b/src/main/rules/GCI72/java/GCI72.asciidoc index 25b50b5a..a96218cb 100644 --- a/src/main/rules/GCI72/java/GCI72.asciidoc +++ b/src/main/rules/GCI72/java/GCI72.asciidoc @@ -30,23 +30,32 @@ public void foo() { [source,java] ---- public void foo() { - // ... - String query = "SELECT name FROM users where id in (0 "; - for (int i = 1; i < 20; i++) { - - query = baseQuery.concat("," + i); + StringBuilder queryBuilder = new StringBuilder("SELECT name FROM users WHERE id IN ("); + for (int i = 0; i < 20; i++) { + if (i > 0) { + queryBuilder.append(","); + } + queryBuilder.append("?"); } + queryBuilder.append(")"); + + String query = queryBuilder.toString(); - query = baseQuery.concat(")"); - Statement st = conn.createStatement(); - ResultSet rs = st.executeQuery(query); // compliant + try (Connection conn = DriverManager.getConnection("your-database-url"); + PreparedStatement pst = conn.prepareStatement(query)) { - // iterate through the java resultset - while (rs.next()) { - String name = rs.getString("name"); - System.out.println(name); + for (int i = 0; i < 20; i++) { + pst.setInt(i + 1, i); + } + + try (ResultSet rs = pst.executeQuery()) { // compliant + while (rs.next()) { + String name = rs.getString("name"); + System.out.println(name); + } + } + } catch (SQLException e) { + e.printStackTrace(); } - st.close(); - // ... } ----
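Review bot: The number of `?` placeholders and the number of `setInt` bindings are kept in sync only by the literal `20` appearing in two separate loops (`for (int i = 0; i < 20; i++)` in the builder loop and again in the bind loop), so editing one without the other leaves `prepareStatement` with a placeholder/parameter count mismatch that only shows up as a runtime `SQLException`; declare one `final int idCount = 20;` before the `StringBuilder` and use it as the bound of both loops. The new `catch (SQLException e) { e.printStackTrace(); }` also swallows the database failure in a sample the page labels compliant, and readers copy these samples verbatim; since the surrounding `foo()` is shown in full here, the simpler fix is `public void foo() throws SQLException {` and dropping the catch, or rethrowing a wrapped exception. The move to `PreparedStatement` with `IN (?, …)` is the right shape, as the id values never become part of the SQL text.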