1) serialnumber is a number. The like operator compares strings. You actually want to test equality here: where serialnumber = 2
2) As already hinted by Paul, use PreparedStatement and bind variables. They are inherently safer (protect you from SQL injection attacks), usually more performant and definitely easier to use (no need to quote and escape strings). I'm not going to explain it further here, as all good JDBC tutorials cover this (if you read a JDBC tutorial that does not cover PreparedStatement and bind variables, stop reading it). Tutorials on Oracle's website are probably among the best.
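
Both points above combined, as an added example that is not part of the original answer: a numeric equality test on serialnumber with the value passed as a bind variable. The table name devices, the column name, and the class and method names are assumptions made for illustration; only serialnumber comes from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SerialLookup {

    // Assumed schema: table "devices" with columns "name" and "serialnumber".
    // The "?" is the bind variable; the SQL text itself never changes.
    private static final String QUERY =
        "SELECT name FROM devices WHERE serialnumber = ?";

    // Parses the user input as an integer first, then binds it as a number,
    // so it reaches the database as data and never as part of the SQL text.
    static List<String> findBySerial(Connection conn, String rawInput)
            throws SQLException {
        final int serial;
        try {
            serial = Integer.parseInt(rawInput.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("serial number must be an integer", e);
        }

        List<String> names = new ArrayList<>();
        // try-with-resources closes the statement and result set on every path
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setInt(1, serial); // numeric equality, no quoting or escaping
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of your database (its driver must be on the classpath)
        // args[1]: serial number as typed by the user
        try (Connection conn = DriverManager.getConnection(args[0])) {
            findBySerial(conn, args[1]).forEach(System.out::println);
        }
    }
}
```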