Also, after solving your immediate concern you should learn about SQL Injection risks and using preparedStatement in Java to mitigate that risk. The style you are using here is simply bad code.
That fact that you don't re-throw the SQLException is also bad (can't tell if that is mock-up code or live production, but given other observations I'm going to assume the later).