java jdbc报错

        PreparedStatement preStmt=null;
        int rs=0;
        String sql = "INSERT INTO hr_role (nc_id,name) values (?,?)";      
        Set<String> key = map.keySet();
        for (Iterator<String> it = key.iterator(); it.hasNext();) {
            String number = it.next();
            System.out.println(number + ":" + map.get(number));
            try {
                preStmt= conn.prepareStatement(sql);
                preStmt.setInt(1, Integer.parseInt(number));  
                preStmt.setString(2, map.get(number));  
                rs=preStmt.executeUpdate(sql);

            } catch (Exception e) {
                e.printStackTrace();
            }
        }

每次执行都会报错
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?,?)' at line 1
at sun.reflect.GeneratedConstructorAccessor7.newInstance(Unknown Source)

map中都是有值的 sql语法也没错，那是什么问题啊？谢谢