I have read that to prevent SQL Injection one must use PreparedStatement.
Does that mean if I am using PreparedStatement then no one can perform SQL Injection in any of my p
Prepared statements do not cover non-data parts of the query: identifiers and operators.
Thus, if some of them are variable and are added to the query directly, injection is possible.
Thanks to the limited number of possible options, all variable identifiers should be chosen from pre-written variants based on user input. Same for operators.
No user input should be added to the query directly.
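An added example, not part of the question or the answer above, showing the boundary the answer describes: the bound data value is protected, an identifier passed through a placeholder silently becomes a string constant, and a concatenated identifier stays injectable unless it is chosen from a whitelist. It is written against Python's sqlite3 module, which binds `?` placeholders the same way JDBC's PreparedStatement does; the table, rows and whitelist are constructed for the example.

```python
import sqlite3

# Constructed sample data so the example runs offline against an in-memory DB.
ROWS = [(1, "widget", 30), (2, "bolt", 5), (3, "gear", 12)]

# Whitelist: the only identifiers and operators the query may contain, keyed by
# the tokens a client is allowed to send. User input selects an entry; it is
# never spliced into the SQL itself.
SORT_COLUMNS = {"name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return conn


def bound_identifier_is_a_literal(conn):
    """A placeholder cannot carry a column name: the driver binds it as the
    string constant 'name', so every row yields the text 'name' instead of
    the contents of the name column. No error is raised, which is what makes
    the mistake easy to miss."""
    cur = conn.execute("SELECT ? FROM products", ("name",))
    return [row[0] for row in cur]


def names_sorted_unsafe(conn, user_column, user_dir, min_price):
    """Vulnerable shape: the data value is bound, but the identifier and the
    sort keyword are concatenated straight from user input."""
    sql = ("SELECT name FROM products WHERE price > ? ORDER BY "
           + user_column + " " + user_dir)
    return [row[0] for row in conn.execute(sql, (min_price,))]


def names_sorted_safe(conn, user_column, user_dir, min_price):
    """Hardened shape: identifier and operator are looked up in the whitelist,
    anything unknown is rejected, and the data value is still bound."""
    try:
        column = SORT_COLUMNS[user_column]
        direction = SORT_DIRECTIONS[user_dir]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    sql = f"SELECT name FROM products WHERE price > ? ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql, (min_price,))]


if __name__ == "__main__":
    db = open_db()
    print(bound_identifier_is_a_literal(db))
    print(names_sorted_safe(db, "price", "desc", 0))
```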