I'm new in Java World and I'm trying to create an userExist
method to check if an user exists. Well, I'm getting the error: java.sql.SQLException: ResultSet is from UPDATE. No Data.
java.sql.SQLException: ResultSet is from UPDATE. No Data.
This error happens when the login or password doesn't exist. And the next
returns false
.
I'm using the MySQL JDBC 5 with MySQL 4
The code:
public boolean userExist(User enteredUser) {
try {
boolean userExist = false;
PreparedStatement connQuery = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login='"+enteredUser.getLogin()+"' and Senha='"+enteredUser.getSenha()+"'");
ResultSet result = connQuery.executeQuery();
if(result.next()) {
if((result.getString("Login") == enteredUser.getLogin())&&(result.getString("Senha") == enteredUser.getSenha())) {
enteredUser.setId(result.getInt("Codigo"));
enteredUser.setNome(result.getString("Nome"));
userExist = true;
}
}
connQuery.close();
return userExist;
} catch (SQLException error) {
throw new RuntimeException(error);
}
}
Edited.
I changed the code, now I'm getting this error just in the second time I tried to log on the application. Can this be a logical error?
public boolean userExist(User enteredUser) {
try {
boolean userExist = false;
PreparedStatement query = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login=? and Senha=?");
query.setString(1,enteredUser.getLogin());
query.setString(2,enteredUser.getSenha());
ResultSet result = query.executeQuery();
if(result.next()) {
if((result.getString("Login").equals(enteredUser.getLogin()))&&(result.getString("Senha").equals(enteredUser.getSenha()))) {
enteredUser.setCodigo(result.getInt("Codigo"));
enteredUser.setNome(result.getString("Nome"));
userExist = true;
}
}
result.close();
query.close();
return userExist;
} catch (SQLException error) {
throw new RuntimeException(error);
}
}
Thank you,
although the above method isn't straightforwardly vulnerable to SQL injection, it is damn close. try this for your parameters:
PreparedStatement connQuery = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login=? and Senha=?");
connQuery.setString(1,enteredUser.getLogin());
connQuery.setString(2,enteredUser.getSenha());
Also, try declaring the result set and prepared statement outside the try block so that you can close them in a finally block.
As for your actual question, I'd try running it with execute instead of executeQuery
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.