From Java we'd do something like: stmt.execute("SELECT * FROM users"); But for a stored procedure like: stmt.execute("{CALL createUser(?,?,?,?)}");

Why do we need the { and } when this is not required in normal SQL?

The curly braces are the escape syntax for stored procedures. When the JDBC driver encounters {call createUser(?,?,?,?)} , it will translate this escape syntax into the native SQL used by the database to call the stored procedure.

JDBC was derived from ODBC. Indeed the first jdbc driver was the jdbc to odbc bridge. So it made sense to use the ODBC syntax. The braces themselves indicate a function call, a stored procedure is basically a user defined function, so they are wrapped with the braces.

Here is the official docs on JDBC escape syntax: https://docs.oracle.com/cd/E13157_01/wlevs/docs30/jdbc_drivers/sqlescape.html

And some vendor-specific descriptions:

• Oracle
• MS SQL Server
• PostgreSQL
• Derby