I tend to stuff complicated strings (SQL queries and such) into resources (files that get baked into the JAR) and implement some kind of templating for them if I think it's necessary.
Of course. If it is SQL you ride on JDBC already supporting placeholders, so there isn't any need for you to support substitutions for ordinary SQL.
If you want to do more complex "Dynamic SQL", say you are writing a query builder where people can fill out fields to do a complex query, your best bet is JooQ, which I use heavily at work.
