This week's book giveaway is in the Mac OS forum. We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line! See this thread for details.
The key is to make sure the SQL is secure by itself. This is true regardless of what persistence technology you use. The most important rule is to make sure you always use bind variables (? in JDBC) for any data that could be supplied by the user.