this is because you populate the prepared statement params using the data type call
.setString(...) or .setInteger(...) etc therefore you dont need to put the quotes.
When you get a PreparedStatement from connection the passed query is compiled and stored into Oracle so every time its just the params that are populated using the setters.
I do some of my very best work in water. Like this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!