Code snippet presented below inserts into a database table using PreparedStatement.

Java Code:
PreparedStatement stmt = null;
String sql;     
int rows;       

try {
  sql = "INSERT INTO tCust" 
        + "(custName) "
        + "VALUES "
        + "(?)";
  stmt = theConn.prepareStatement(sql); 
  stmt.setString(1, "Name with \" are permitted!"); 
  rows = stmt.executeUpdate(); 
  theConn.commit(); 
  stmt.close(); 
  System.out.println(sql);             
  }
catch (Exception e){ 
  e.printStackTrace(); 
}