Shammer's Philosophy

My private adversaria

How to define the SQL parameter in JSTL?

JSTL provides a tag for executing SQL: sql:query. I want to execute SQL with a WHERE clause in a JSP, using an HTTP request parameter in the WHERE condition. Here is a sample.

<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

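<%-- Copy the request parameter "userid" into a request-scoped variable --%>
<c:set var="userid" scope="request" value="${param.userid}" />
<%-- The statement text contains only the ? placeholder; sql:param supplies its value --%>
<sql:query var="rs" dataSource="jdbc/MyDB">
  select * from user where ID = ?;
  <sql:param value="${userid}" />
</sql:query>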

In the above case, JSTL works as follows.
1. Get the HTTP POST parameter named userid.
2. Set the value from step 1 as userid in this JSP's context.
3. sql:query gets the value of userid from this JSP's context.
4. Execute the SQL with the value from step 3 bound to the ? placeholder.
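
The four steps above in a complete page that also renders the result, as an added example and not code from the original post. The dataSource jdbc/MyDB and the user table come from the sample; the NAME column, the maxRows limit and the messages are assumptions made for illustration.

```jsp
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<%-- Form to avoid: EL written inside the statement body is expanded into the
     SQL text before the statement reaches the database, so the request value
     becomes part of the statement itself:
       select * from user where ID = '${param.userid}'
--%>

<c:choose>
  <c:when test="${empty param.userid}">
    <p>No userid was supplied.</p>
  </c:when>
  <c:otherwise>
    <%-- Statement text is constant; the request value is bound to ? by sql:param.
         NAME is an assumed column of the user table. --%>
    <sql:query var="rs" dataSource="jdbc/MyDB" maxRows="1">
      select ID, NAME from user where ID = ?
      <sql:param value="${param.userid}" />
    </sql:query>

    <c:choose>
      <c:when test="${rs.rowCount == 0}">
        <%-- c:out escapes HTML, so the echoed request value is rendered as text --%>
        <p>No user with ID <c:out value="${param.userid}" />.</p>
      </c:when>
      <c:otherwise>
        <table>
          <tr><th>ID</th><th>NAME</th></tr>
          <c:forEach var="row" items="${rs.rows}">
            <tr>
              <td><c:out value="${row.ID}" /></td>
              <td><c:out value="${row.NAME}" /></td>
            </tr>
          </c:forEach>
        </table>
      </c:otherwise>
    </c:choose>
  </c:otherwise>
</c:choose>
```

The value is bound as a string here, as in the sample; if the ID column is numeric and the JDBC driver does not convert string binds, convert the value to a number before passing it to sql:param.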