This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
1.) Do not write database connection code in JSPs. Use a normal Java class (DAO) that you call from a servlet.
2.) Always close resultselts, statements and connections in a finally block.
3.) Use a PreparedStatement for passing parameters to your query. That will prevent SQL injection and fix the SQL syntax error you are getting.
E. is not steering you wrong -- you should not be putting any Java code in a JSP. That is a bad bad practice from long long ago. Modern JSP pages (that is, anything written in the past 12 years) should be free of Java code.