This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
1) serialnumber is a number. The like operator compares strings. You actually want to test equality here: where serialnumber = 2
2) As already hinted by Paul, use PreparedStatement and bind variables. They are inherently safer (protect you from sql injection attacks), usually more performant and definitely easier to use (no need to quote and escape strings). I'm not going to explain it further here, as all good JDBC tutorials cover this (if you read a JDBC tutorial that does not cover PreparedStatement and bind variables, stop reading it). Tutorials on Oracle's web are probably among the best.