一个关于在servlet中向数据库插入新数据的问题

今天我在往一个数据库里面插入数据的时候用了以下语句,我想问下这个句子有错误么。
INSERT INTO products(SN,name,company,image,intro,price,type)VALUES("sn3","samsang","china","/images/some.jpg","as good as","12","mobile")
当我运行的时候,eclipse报错java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC][SQLServer]在此上下文中不允许使用 'sn3'。此处只允许使用常量、表达式或变量。不允许使用列名。SN列中也无sn3数据
原始代码如下
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.pk.jsp.beans.admin.*;
public class pdtDB extends HttpServlet { public pdtDB() {
  super();
 } public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  
  
  pdtValidate.setName(request.getParameter("pdtName"));
  pdtValidate.setCompany(request.getParameter("pdtCompany"));
  pdtValidate.setImage(request.getParameter("pdtImage"));
  pdtValidate.setIntro(request.getParameter("pdtIntro"));
  pdtValidate.setPrice(request.getParameter("pdtPrice"));
  pdtValidate.setType(request.getParameter("pdtType"));
  
  try{
   
   ResultSet rs = statm.executeQuery("SELECT * FROM products");
   
   while(rs.next()){
    rows++;
   }
   pdtSN = "sn"+(rows+1);
   
   if(pdtValid(pdtValidate)){
    statm.executeUpdate("INSERT INTO products(SN,name" +
      ",company,image,intro,price,type)" +
      "VALUES(\""+pdtSN+"\",\""+pdtValidate.getName()+"\",\""+pdtValidate.getCompany()+
      "\",\""+pdtValidate.getImage()+"\",\""+pdtValidate.getIntro()+
      "\",\""+pdtValidate.getPrice()+"\",\""+pdtValidate.getType()+"\")");
   }
   
  }catch(SQLException sqle){
   System.err.println(sqle);
  }
  
  
  response.setContentType("text/html");
  PrintWriter out = response.getWriter();
  out
    .println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
  out.println("<HTML>");
  out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");
  out.println("  <BODY>");
  out.print("    This is ");
  out.print(this.getClass());
  out.print("INSERT INTO products(SN,name" +
    ",company,image,intro,price,type)" +
    "VALUES(\""+pdtSN+"\",\""+pdtValidate.getName()+"\",\""+pdtValidate.getCompany()+
    "\",\""+pdtValidate.getImage()+"\",\""+pdtValidate.getIntro()+
    "\",\""+pdtValidate.getPrice()+"\",\""+pdtValidate.getType()+"\")"
  );
  if(pdtValid(pdtValidate)){
  out.print("true");
  }else{
   out.print("false");
  }
  out.print(this.pdtImage);
  out.println(", using the POST method");
  out.println("  </BODY>");
  out.println("</HTML>");
  out.flush();
  out.close();
 }
 public void init() throws ServletException {
  try{
   Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
   String sourceURL = new String("jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=EPShow");
      String user="sa";
      String password="123";
      conn = DriverManager.getConnection(sourceURL,user,password);
      statm = this.conn.createStatement();
      
  }catch(ClassNotFoundException cnfe){
   System.err.println(cnfe);
  }catch(SQLException sqle){
   System.err.println(sqle);
  }
 }
 boolean pdtValid(pdtValidateBean pdtValidate){
  boolean pdtValid = false;
  if(pdtValidate.isCompanyValid()&&
    pdtValidate.isImageValid()&&
    pdtValidate.isIntroValid()&&
    pdtValidate.isNameValid()&&
    pdtValidate.isPriceValid()&&
    pdtValidate.isTypeValid()){
   pdtValid = true;
  }
  return pdtValid;
 }
 Connection conn;
 Statement statm;
 pdtValidateBean pdtValidate = new pdtValidateBean();
 
 long rows;
 String pdtSN;
 String pdtName;
 String pdtCompany;
 String pdtImage;
 String pdtIntro;
 String pdtPrice;
 String pdtType;
 
 
}
代码比较乱,麻烦大家了