mysql 中插入语句的错误

public int register(String email, String name, String password, String loc,
			double latitude, double longitude,String user_pic){
		// 注册信息sql语句
		// String sql1 =
		// "select user_id from user where user_email = ?";//用来判断email是否已注册
		/*String sql2 = "insert into user(user_name,user_pswd,user_email,user_loc,user_lat,user_long)"
				+ "values("
				+ name
				+ ","
				+ password
				+ ","
				+ email
				+ ","
				+ loc
				+ "," 
				+ latitude
				+ ","
				+ longitude
				+ ")";*/
		String sql2 = "insert into user(user_name,user_pswd,user_email,user_loc,user_lat,user_long)"
				+ "values(?,?,?,?,?,?)";
		// 数据库连接工具类
		DBUtil util = new DBUtil();
		// 获得连接
		Connection conn = util.openConnection();
		try {
			// 获得预定义语句
			// PreparedStatement pstmt1 = conn.prepareStatement(sql1);
			PreparedStatement pstmt2 = conn.prepareStatement(sql2);
			// 设置sql1的查询参数
			// pstmt1.setString(1,email);
			// ResultSet flag = pstmt1.executeQuery();
			/*
			 * int i = flag.getRow();
			 * 
			 * if(flag){ System.out.println("邮箱已注册"); return -1;//邮箱已注册 }
			 */
			// System.out.println("邮箱未注册");
			// 执行更新
			pstmt2.setString(1,name);
			pstmt2.setString(2,password);
			pstmt2.setString(3,email);
			pstmt2.setString(4,loc);
			pstmt2.setDouble(5,latitude);
			pstmt2.setDouble(6,longitude);
			int rs = pstmt2.executeUpdate();// 执行成功返回更新的属性个数，否则返回0
			// 判断用户是否存在
			return rs;
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			util.closeConnection(conn);
		}
		return 0;
	}

一开始我是直接把字符串数据  像name,password,email,直接写进去的，但是错误的，这里面的数据按道理是"' "'用的三个引号括起来的字符数据，所以要改为？然后赋值，不然的话会出现  当插入的数据不是数字的时候  就会报错！

*String sql2 = "insert into user(user_name,user_pswd,user_email,user_loc,user_lat,user_long)"
				+ "values("
				+ name
				+ ","
				+ password
				+ ","
				+ email
				+ ","
				+ loc
				+ "," 
				+ latitude
				+ ","
				+ longitude
				+ ")";*/