参数中的java准备语句？

代码：

        java.sql.PreparedStatement pstmt=null;
        String sql = "UPDATE Person SET address = ? WHERE name = ? ";
        pstmt=thecon.prepareStatement(sql);
        String addVar= JOptionPane.showInputDialog("Enter the new address");
        String nameVar=JOptionPane.showInputDialog("Enter the Name");
        pstmt.setString(1 , addVar);
        pstmt.setString(2, nameVar);


        // Tell affected no of rows in table
        int num = pstmt.executeUpdate(sql);
      //Step 7: Process the results of the query
        System.out.println(num + " records updated"); 
        thecon.close();
    } catch (SQLException e) {
        System.out.println("sql problem:   "+e);
    }

例外情况：

sql problem: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? WHERE name = ?' at line 1