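import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

public void dummyFunction(String var1, String var2) {
    try {
        Connection con = getConnection();
        // var1 and var2 are concatenated straight into the SQL text
        String query = "select * from table1 where col1=" + var1 + " and col2=" + var2;
        Statement st = con.createStatement();
        ResultSet rs = st.executeQuery(query);
        // …… …..
    } catch (Exception e) { }
}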
var1 and var2 are user inputs passed directly to this function. This code is