diff --git a/pom.xml b/pom.xml
index 59ded44..ff38081 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,6 +72,11 @@
1.10.19
test
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.14.1
+
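Review bot: The added `log4j-core` dependency pins `2.14.1`, a release that is affected by the widely publicized remote code execution vulnerability in Log4j 2 (the JNDI lookup issue); unless this project deliberately ships vulnerable components as a sample, this should pin a patched release instead. If the vulnerable version is intentional, a `<!-- intentionally vulnerable log4j-core for demo purposes -->` comment next to the dependency would make that explicit for anyone scanning the build. The hunk header announces 11 new lines but only 7 are visible here, so the surrounding `<dependency>` markup appears to have been lost in rendering and the scope of the addition cannot be fully confirmed from this view.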
diff --git a/src/main/java/demo/security/servlet/Insecure.java b/src/main/java/demo/security/servlet/Insecure.java
index 3ba3d02..60c2f67 100644
--- a/src/main/java/demo/security/servlet/Insecure.java
+++ b/src/main/java/demo/security/servlet/Insecure.java
@@ -8,6 +8,7 @@
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
+import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
@@ -38,6 +39,15 @@ public String taintedSQL(HttpServletRequest request, Connection connection) thro
ResultSet resultSet = statement.executeQuery(query);
return resultSet.getString(0);
}
+
+ public String taintedSQLByEmail(HttpServletRequest request, Connection connection) throws Exception {
+ String email = request.getParameter("email");
+ String query = "SELECT * FROM users WHERE email = ?";
+ PreparedStatement statement = connection.prepareStatement(query);
+ statement.setString(1, email);
+ ResultSet resultSet = statement.executeQuery();
+ return resultSet.getString(1);
+ }
public String hotspotSQL(Connection connection, String user) throws Exception {
Statement statement = null;
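Review bot: `resultSet.getString(1)` in `taintedSQLByEmail` is called before `resultSet.next()`, so the cursor is still positioned before the first row and the call throws instead of returning the value; the `PreparedStatement` and `ResultSet` are also never closed. Wrapping both in try-with-resources and advancing the cursor fixes both, and returning `null` when no row matches makes the empty case explicit. The existing `taintedSQL` above has the same missing `next()` (and uses column index 0, which is invalid for JDBC's 1-based columns), though that is outside this change. Since the new query is parameterized, the `tainted` prefix reads as a misnomer — if the method is meant as a negative case for a scanner, a one-line comment saying so would help. The enclosing class starts outside the hunk, and `hotspotSQL` on the last line continues past it.
```java
public String taintedSQLByEmail(HttpServletRequest request, Connection connection) throws Exception {
    String email = request.getParameter("email");
    String query = "SELECT * FROM users WHERE email = ?";
    try (PreparedStatement statement = connection.prepareStatement(query)) {
        statement.setString(1, email);
        try (ResultSet resultSet = statement.executeQuery()) {
            // cursor starts before the first row; null when no user matches
            return resultSet.next() ? resultSet.getString(1) : null;
        }
    }
}
```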