In Java apps, how can unchecked connections to the database create a security risk with SQL injection attack?

In the context of Java applications, for example a Web application built with NetBeans and using the Derby Database system - In Java apps, how can unchecked or basic connections to the database create a major security risk with regard to SQL injection attacks? and how can they be prevented?