Not sure , which database you are using. But you should be needing the number of ? equals to number of values youar passing.
suppose you have two values for in clause , then it should be :-
where cpm.catalogueno in (?,?)
and you should be setting same number of string.
stmt.setString(1,"somevalue");
stmt.setString(2,"somevalue2");
You need to write teh loop on keyset on both statments to append the ? and setting the string parameter