Java Sql语句中查询变量

Sql语句中，查询变量：’"+users+"’，users是变量名：

package com.snack.pay;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import com.snack.model.Orderinfo;
public class DayinfoDao {
	
	public List getPowerList(Connection con,String users)throws Exception{
		String sql="select * from orderinfo where s_qDate='"+users+"' order by s_id desc LIMIT 10";
		//select * from tb_gm3 order by id desc LIMIT 1
		PreparedStatement pstmt=con.prepareStatement(sql);
		ResultSet rs=pstmt.executeQuery();
		List powerList=new ArrayList();
		while(rs.next()){
			Orderinfo power=new Orderinfo();
			power.setsId(rs.getInt("s_id"));
			power.setsImported(rs.getInt("s_Imported"));
			power.setsScore(rs.getInt("s_score"));
			power.setsCreatedate(rs.getString("s_createDate"));
			power.setsPrice(rs.getDouble("s_price"));
			powerList.add(power);
		}
		return powerList;
	}
}