Visu, You have the right idea with the commented out part. Good start!
I think you need to use a PreparedStatement since you are inserting a BLOB. It seems tough to represent a file in a SQL query. You can pass a byte[] or ByteArrayInputStream to the prepared statement.