I recently encountered this problem with Java PreparedStatements. I have the following code:

String selectSql1
        = "SELECT `value` FROM `sampling_numbers` WHERE `value` < (?)" ;
    ResultSet rs1 = con.select1(selectSql1,randNum);

where the select1 method is

    public ResultSet select1(String sql, int randNum) {
    try {
        this.stmt = con.prepareStatement(sql);
        stmt.setInt(1, randNum);
        return this.stmt.executeQuery(sql);
    } catch (SQLException e) {
        e.printStackTrace();
        return null;
    }
}

However, it keeps throwing this error:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?)' at line 1
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
    at com.mysql.jdbc.Util.getInstance(Util.java:386)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4237)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4169)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2617)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2778)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2828)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2777)
    at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1651)
    at util.P_DBCon.select1(P_DBCon.java:59)
    at app.RandomNumberGenerator.main(RandomNumberGenerator.java:60)

    Exception in thread "main" java.lang.NullPointerException
    at app.RandomNumberGenerator.main(RandomNumberGenerator.java:64)

This problem does not happen when I do the naive way of doing "...value < " + randNum but I would like to do so this way.

Any help is much appreciated.

UPDATE

I tried with the various recommendations by the community, like

String selectSql1
        = "SELECT `value` FROM `sampling_numbers` WHERE value < ?" ;

String selectSql1
        = "SELECT value FROM sampling_numbers WHERE value < ?" ;

and still the error message comes out.

The solution to your problem is actually very easy, you are calling Statement.executeQuery(String) when you want to call PreparedStatement.executeQuery() -

this.stmt = con.prepareStatement(sql); // Prepares the Statement.
stmt.setInt(1, randNum);               // Binds the parameter.
// return this.stmt.executeQuery(sql); // calls Statement#executeQuery
return this.stmt.executeQuery();       // calls your set-up PreparedStatement

public ResultSet select1(String sql, int randNum) {
    try {
        this.stmt = con.prepareStatement(sql);
        stmt.setInt(1, randNum);
        return this.stmt.executeQuery();
    } catch (SQLException e) {
        e.printStackTrace();
        return null;
    }
}

for reference see below code

PreparedStatement statement =  con.prepareStatement("SELECT EMP_ID,EMP_PWD FROM employee " +
                    "WHERE EMP_ID = '"+param1+"'");
            ResultSet result = statement.executeQuery();