Hi George,
Concatenation of values ??always allows SQL Injection ... Be careful with it.
Other than that, pro Java, you must inform at least lib that you are using, and the form of connection to the bank, otherwise it is difficult to help you.
I will assume that you are using direct JDBC and lib java.sql, by the line of code you passed. Then, your Java connection with Oracle must be using the Java.sql.connection interface.
Come on, let's say an object con use the interface mentioned above (java.sql.connection) and the connection is already open and configured. So the right thing would be to use Java.sql.PreparedStatement to assemble and run your insert.
Select all
PreparedStatement stmt = con.prepareStatement("Insert into venda(vendata,venclicodigo,venfuncodigo) values (?,?,?)");
stmt.setDate(1, vendata);
stmt.setString(2, venclicodigo);
stmt.setString(3, venfuncodigo);
stmt.execute();
See that the date is set with the setdate, the other parameters I put as string, but if they are not, you exchange the correct type. . This way you can run any SQL, and still "treats" the problem of SQL Injection.
How do I make a time I do not move xom the java, so you can have some mistakes, but the way is this one ...
If you can not , put there, but I think it best to move the topic to the Java Forum, because the subject here is no longer about SQL and yes about Java.