You have to put strings in quotes. Where you have ('+city+') to concatenate the variable "city" to the string you are building, you need to tell the system that the value of "city" is a literal. Just add a quote before and after it inside of the rest of the string parts.
String str = "SELECT ZipCode,State FROM zipcodes WHERE City = '" + city + "' AND State = '" + state + "'";
making the first part:
"SELECT ZipCode, State FROM zipcodes WHERE City = '"
and the next part:
+ city + "' ...
ending the quotes around the variable. Same thing with the last variable:
"' AND State = '" + state + "'";
BTW, you might use prepared statements, which eliminate the confusion of quotes on strings and dates, but if you understand them you don't need it. If you do use it, it would look like this:
PreparedStatement pstmt = this.conn.prepareStatement(SQLStrings.getInsertUserQuery());
where the SQL statement would look like this:
String insertUserQuery =
"insert into \"DHSDB2\".\"JV_PERSON\" " +
"(\"USERID\", \"PASSWORD\", \"NAME\") " +
"values(?, ?, ?)";
The "?" marks in the query are substituted with the numbered parameters in the prepared statement.
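
An added example, not part of the original answer: the zipcodes query from above written with bound parameters, next to the concatenated form fed a constructed city name that contains an apostrophe. The class name ZipLookup, the method names, and the open Connection passed to findZipCodes are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ZipLookup {
    // Same query as the concatenated version, with both values left as placeholders.
    static final String ZIP_QUERY =
        "SELECT ZipCode, State FROM zipcodes WHERE City = ? AND State = ?";

    // The concatenated form from the answer, kept only to show the text the database receives.
    static String concatenated(String city, String state) {
        return "SELECT ZipCode,State FROM zipcodes WHERE City = '" + city
             + "' AND State = '" + state + "'";
    }

    // Bound form: city and state travel as parameter values, never as SQL text.
    static List<String> findZipCodes(Connection conn, String city, String state)
            throws SQLException {
        List<String> zips = new ArrayList<>();
        try (PreparedStatement pstmt = conn.prepareStatement(ZIP_QUERY)) {
            pstmt.setString(1, city);   // parameters are numbered from 1
            pstmt.setString(2, state);
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    zips.add(rs.getString("ZipCode"));
                }
            }
        }
        return zips;
    }

    public static void main(String[] args) {
        // Constructed sample input: a city name containing an apostrophe.
        String sql = concatenated("O'Fallon", "MO");
        System.out.println(sql);
        // The apostrophe closes the City literal early, so the quotes no longer pair up.
        long quotes = sql.chars().filter(c -> c == '\'').count();
        System.out.println("single quotes in statement: " + quotes);
        // findZipCodes(conn, "O'Fallon", "MO") needs an open Connection (assumed, not
        // created here) and delivers the same value intact as parameter 1.
    }
}
```

With the concatenated form, any quote character inside city or state becomes part of the SQL text; with the bound form the driver passes the value separately, so the statement's structure is fixed when it is prepared.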