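// Vulnerable form, kept only as the contrast example: the query text is built by
// concatenating `id` straight into the SQL, so whatever the caller puts in `id`
// becomes part of the statement the database parses (the injection shown below
// is the fix). Note `String` is the Java type; lowercase `string` does not compile.
String sql = "select * from BookInfo where id =" + id;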
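// Parameterized form: the SQL text is fixed and contains a `?` placeholder, and the
// value of `id` is bound separately with setInt, so it is always treated as data and
// can never change the structure of the statement. (Typo fixed: the JDBC method is
// executeQuery, not "execute Query".)
String sql = "select * from BookInfo where id = ?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setInt(1, id); // bind the first (and only) placeholder
ResultSet rs = pstmt.executeQuery();
// NOTE(review): pstmt and rs should be closed when done (try-with-resources) — the
// surrounding code that would do so is not shown here.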