String values in SQL queries are written in quotes. When a value itself contains a quote character, it has to be escaped, which is tricky to get right. If we use PreparedStatement, JDBC handles the escaping for us:
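// Each ? is a placeholder; JDBC binds the values when the statement runs
ps = conn.prepareStatement(
    "INSERT INTO students(name, address) VALUES(?,?)");
ps.setString(1, name);           // first ? -> name
ps.setString(2, address);        // second ? -> address
int count = ps.executeUpdate();  // number of rows inserted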
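
The difference in practice, as an added example that is not part of the original page: values containing an apostrophe break an INSERT built by string concatenation, while the PreparedStatement version stores them unchanged. The class name, the sample values and the H2 in-memory database (driver assumed to be on the classpath) are assumptions.

```java
import java.sql.*;

public class QuotedInsertDemo {
    // Concatenation: a quote inside the value ends the SQL string literal early.
    static int insertConcatenated(Connection conn, String name, String address) throws SQLException {
        String sql = "INSERT INTO students(name, address) VALUES('" + name + "','" + address + "')";
        try (Statement st = conn.createStatement()) {
            return st.executeUpdate(sql);
        }
    }

    // Placeholders: the values are bound as data, so no manual escaping is needed.
    static int insertPrepared(Connection conn, String name, String address) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO students(name, address) VALUES(?,?)")) {
            ps.setString(1, name);
            ps.setString(2, address);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; other JDBC drivers behave the same way here.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("CREATE TABLE students(name VARCHAR(100), address VARCHAR(200))");
            }
            String name = "Miles O'Brien";      // constructed sample value
            String address = "12 King's Road";  // constructed sample value
            try {
                insertConcatenated(conn, name, address);
            } catch (SQLException e) {
                System.out.println("Concatenated INSERT rejected: " + e.getMessage());
            }
            System.out.println("Prepared INSERT rows: " + insertPrepared(conn, name, address));
            try (PreparedStatement ps = conn.prepareStatement(
                    "SELECT address FROM students WHERE name = ?")) {
                ps.setString(1, name);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        System.out.println("Stored address: " + rs.getString(1));
                    }
                }
            }
        }
    }
}
```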