mysql- problem with prepared statemnt

public String authenticateUser(String username, String password) throws SQLException{
sql_str = "SELECT USERNAME, PLAINPASSWORD FROM USER WHERE USERNAME = ?";
String user = null;
String pass = null;
String res = null;

pstmt = conn.prepareStatement(sql_str);
pstmt.setString(1, username);

res_set = pstmt.executeQuery(sql_str);
if(res_set.next()){
user = res_set.getString(1);
pass = res_set.getString(2);
}
if(user.equals(username) && pass.equals(password)){
res = "success";
System.out.println("Authenticated");
}else{
res = "failed";
}
return res;
}

with athe above code i am getting this exception why?
connection is being established in differnt class.
Connection Established:com.mysql.jdbc.Connection@145d068
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?)' at line 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2870)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1573)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3170)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3099)
at com.mysql.jdbc.Statement.executeQuery(Statement.java:1169)
at com.stpl.pocs.commons.UserData.authenticateUser(UserData.java:33)
at com.stpl.pocs.commons.UserData.main(UserData.java:68)

Your code should be:

The error you get because you are trying to execute the PreparedStatement without assigning a parameter. You've already create the statment with you select query and the parameter has also been set. So to get the ResultSet just call the executeQuery() method, not the overloaded method that accept a query string.
[ December 31, 2007: Message edited by: I Wayan Saryada ]

Thanks, I got the Insight of things i got to take care of when programming with JDBC.

thanks a lot.