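String values in SQL queries are written in quotes, so any quote character inside a value has to be escaped, which is tricky to get right by hand. If we use a PreparedStatement, JDBC handles the escaping for us: the query text contains only `?` placeholders, and each value is supplied separately with a setter such as setString.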
Java Code:
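import java.sql.PreparedStatement;

// conn is an open java.sql.Connection; name and address are the values to store.
// try-with-resources closes the statement even if executeUpdate throws.
try (PreparedStatement ps = conn.prepareStatement(
        "INSERT INTO students(name, address) VALUES(?,?)")) {
    ps.setString(1, name);     // first placeholder
    ps.setString(2, address);  // second placeholder
    int count = ps.executeUpdate(); // number of rows inserted
}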
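
The quoting problem described above, shown side by side with the placeholder form. This is an added example, not code from the original page. It assumes an H2 in-memory database driver on the classpath (the `jdbc:h2:mem:demo` URL), and the class name and sample values are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteHandlingDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; substitute any JDBC URL.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate(
                    "CREATE TABLE students(name VARCHAR(100), address VARCHAR(200))");
            }
            // Constructed sample values, each containing a single quote.
            String name = "Miles O'Brien";
            String address = "12 King's Road";

            // Concatenation: the quote inside the value ends the SQL string
            // literal early, so the value is parsed as part of the statement.
            String sql = "INSERT INTO students(name, address) VALUES('"
                    + name + "','" + address + "')";
            try (Statement st = conn.createStatement()) {
                st.executeUpdate(sql);
                System.out.println("concatenated: inserted");
            } catch (SQLException e) {
                System.out.println("concatenated: rejected, SQLState " + e.getSQLState());
            }

            // Placeholders: the same values are bound as data, with no
            // manual escaping and no change to the statement's structure.
            try (PreparedStatement ps = conn.prepareStatement(
                    "INSERT INTO students(name, address) VALUES(?,?)")) {
                ps.setString(1, name);
                ps.setString(2, address);
                System.out.println("prepared: rows inserted = " + ps.executeUpdate());
            }

            // Read back what was stored to compare with the input values.
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("SELECT name, address FROM students")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " | " + rs.getString(2));
                }
            }
        }
    }
}
```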