The solution to your problem is actually very easy, you are calling Statement.executeQuery(String) when you want to call PreparedStatement.executeQuery() –
this.stmt = con.prepareStatement(sql); // Prepares the Statement.
stmt.setInt(1, randNum); // Binds the parameter.
// return this.stmt.executeQuery(sql); // calls Statement#executeQuery
return this.stmt.executeQuery(); // calls your set-up PreparedStatement