mysql- Parameter index out of range

代码如下 求解哪里错误
package com.pact.mobilestore;

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class openorder extends HttpServlet {

/** *  */private static final long serialVersionUID = 1L;public void doPost(HttpServletRequest request, HttpServletResponse response)        throws ServletException, IOException {    // 统一编码格式    request.setCharacterEncoding("UTF-8");    response.setContentType("text/html; charset=UTF-8");    Connection conn = null; // 连接对象    PreparedStatement preparedStatement = null;    HttpSession session = request.getSession();    Object obj = session.getAttribute("currId");    String UId = (String) obj;    String option = request.getParameter("option");    int op =Integer.parseInt(option);       switch(op)     {     case 0:         try {            Class.forName("com.mysql.jdbc.Driver");            String url = "jdbc:mysql://localhost:3306/mobilestore";            String userName = "root";            String pass = "root";            conn = DriverManager.getConnection(url, userName, pass);            String sql = "select * from `order` where UId =?";            preparedStatement = conn.prepareStatement(sql);            preparedStatement.setString(1, UId);            java.sql.ResultSet rs = preparedStatement.executeQuery();            List list = new ArrayList();            while (rs.next()) {                Entery4 ent4 = new Entery4();                String OId = rs.getString("OId");                String Date = rs.getString("Date");                String payDate = rs.getString("payDate");                String Total = rs.getString("Total"); // 购买的数量                String state = rs.getString("state");                ent4.setOId(OId);                ent4.setUserId(UId);                ent4.setDate(Date);                ent4.setPayDate(payDate);                ent4.setTotal(Total);                ent4.setState(state);                list.add(ent4);            }            rs.close();            request.setAttribute("info", list);        } catch (SQLException e) {            // TODO: handle exception            e.printStackTrace();        } catch (ClassNotFoundException e) {            // TODO Auto-generated catch block            e.printStackTrace();        } finally {            try {                preparedStatement.close();                conn.close();            } catch (Exception e2) {                // TODO: handle exception            }        }                       request.getRequestDispatcher("myorder.jsp").forward(request,                response);           break;        case 1:             try {                Class.forName("com.mysql.jdbc.Driver");                String url = "jdbc:mysql://localhost:3306/mobilestore";                String userName = "root";                String pass = "root";                conn = DriverManager.getConnection(url, userName, pass);                String sql = "select * from `order` where UId = ?and state =?";                preparedStatement = conn.prepareStatement(sql);                preparedStatement.setString(1, UId);                preparedStatement.setString(2, "未支付");                java.sql.ResultSet rs = preparedStatement.executeQuery();                List list = new ArrayList();                while (rs.next()) {                    Entery4 ent4 = new Entery4();                    String OId = rs.getString("OId");                    String Date = rs.getString("Date");                    String payDate = rs.getString("payDate");                    String Total = rs.getString("Total"); // 购买的数量                    String state = rs.getString("state");                    ent4.setOId(OId);                    ent4.setUserId(UId);                    ent4.setDate(Date);                    ent4.setPayDate(payDate);                    ent4.setTotal(Total);                    ent4.setState(state);                    list.add(ent4);                }                rs.close();                request.setAttribute("info", list);            } catch (SQLException e) {                // TODO: handle exception                e.printStackTrace();            } catch (ClassNotFoundException e) {                // TODO Auto-generated catch block                e.printStackTrace();            } finally {                try {                    preparedStatement.close();                    conn.close();                } catch (Exception e2) {                    // TODO: handle exception                }            }                           request.getRequestDispatcher("myorder1.jsp").forward(request,                    response);           break;        case 2:             try {                Class.forName("com.mysql.jdbc.Driver");                String url = "jdbc:mysql://localhost:3306/mobilestore";                String userName = "root";                String pass = "root";                conn = DriverManager.getConnection(url, userName, pass);                String sql = "select * from `order` where UId = ? and state =?";                preparedStatement = conn.prepareStatement(sql);                preparedStatement.setString(1, UId);                preparedStatement.setString(2, "已支付");                java.sql.ResultSet rs = preparedStatement.executeQuery();                List list = new ArrayList();                while (rs.next()) {                    Entery4 ent4 = new Entery4();                    String OId = rs.getString("OId");                    String Date = rs.getString("Date");                    String payDate = rs.getString("payDate");                    String Total = rs.getString("Total"); // 购买的数量                    String state = rs.getString("state");                    ent4.setOId(OId);                    ent4.setUserId(UId);                    ent4.setDate(Date);                    ent4.setPayDate(payDate);                    ent4.setTotal(Total);                    ent4.setState(state);                    list.add(ent4);                }                rs.close();                request.setAttribute("info", list);            } catch (SQLException e) {                // TODO: handle exception                e.printStackTrace();            } catch (ClassNotFoundException e) {                // TODO Auto-generated catch block                e.printStackTrace();            } finally {                try {                    preparedStatement.close();                    conn.close();                } catch (Exception e2) {                    // TODO: handle exception                }            }                           request.getRequestDispatcher("myorder2.jsp").forward(request,                    response);            break; 

// default:
// System.out.println("default");
// break;
}
}

public void doGet(HttpServletRequest req, HttpServletResponse resp)        throws ServletException, IOException {            doPost(req, resp);        }   

}

错误提示截取
java.sql.SQLException: Parameter index out of range (2 > number of parameters, which is 1).
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:910)
at com.mysql.jdbc.PreparedStatement.setInternal(PreparedStatement.java:2715)
at com.mysql.jdbc.PreparedStatement.setString(PreparedStatement.java:3546)
at com.pact.mobilestore.openorder.doPost(openorder.java:56)
at com.pact.mobilestore.openorder.doGet(openorder.java:221)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)