You're making two huge mistakes:
1) You're performing processing in your JSP. The only thing JSP should do is display data that has been forwarded to it by a
servlet. Move all your database access code to a servlet.
2) Your database queries are vulnerable to SQL injections. Use
PreparedStatement for queries that depend on user input.