The commented SQL is closer to what you want, although you should really avoid string concatenation in favor of using parameters, look up SQL injection attacks.
String sql = "INSERT INTO info(ID,Password) values('" + user_id + "','" + user_password + "')";
Notice the ' in the command? They surround string values.
Also, make sure that you are using ID as your User ID in your table, a lot of people name the primary key ID which is usually an integer.