为了形成查询，您应该使用

In order to form a query you should use PreparedStatement.

用法示例:

String query = "INSERT INTO some_table (col1,col2,col3) values (?,?,?)
PreparedStatement stmt = null;
stmt = con.prepareStatement(query);
//now use the values from the xml and bind them to the statement
stmt.setString(someStringValue);
stmt.setInt(someIntValue);
...
stmt.execute();