Hi Shadi,
Looks like you are not constructing your query string ( variable query in your example ) . Put a try catch block to surround the below statements and check the error message.
try{
var pstmt = conn.prepareStatement(query);
var rs = pstmt.executeQuery();
}
catch(err)
{
$.response.setBody(err.message);
}
Sree