stackoom
  简体   繁体   中英

JDBC 5 + MYSQL 4 error on select

 原文  2014-03-24 18:26:54       java/ mysql/ jdbc

Question

I'm new in Java World and I'm trying to create an userExist method to check if an user exists. Well, I'm getting the error: java.sql.SQLException: ResultSet is from UPDATE. No Data. java.sql.SQLException: ResultSet is from UPDATE. No Data.

This error happens when the login or password doesn't exist. And the next returns false .

I'm using the MySQL JDBC 5 with MySQL 4

The code: 

    public boolean userExist(User enteredUser) {

    try {

        boolean userExist = false;

        PreparedStatement connQuery = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login='"+enteredUser.getLogin()+"' and Senha='"+enteredUser.getSenha()+"'");
        ResultSet result = connQuery.executeQuery();

        if(result.next()) {

            if((result.getString("Login") == enteredUser.getLogin())&&(result.getString("Senha") == enteredUser.getSenha())) {

                enteredUser.setId(result.getInt("Codigo"));
                enteredUser.setNome(result.getString("Nome"));

                userExist = true;

            }

        }

        connQuery.close();

        return userExist;

    } catch (SQLException error) {

        throw new RuntimeException(error);

    }

 }

Edited.

I changed the code, now I'm getting this error just in the second time I tried to log on the application. Can this be a logical error? 

public boolean userExist(User enteredUser) {

    try {

        boolean userExist = false;

        PreparedStatement query = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login=? and Senha=?");
        query.setString(1,enteredUser.getLogin());
        query.setString(2,enteredUser.getSenha());

        ResultSet result = query.executeQuery();

        if(result.next()) {

            if((result.getString("Login").equals(enteredUser.getLogin()))&&(result.getString("Senha").equals(enteredUser.getSenha()))) {

                enteredUser.setCodigo(result.getInt("Codigo"));
                enteredUser.setNome(result.getString("Nome"));

                userExist = true;

            }

        }

        result.close();
        query.close();

        return userExist;

    } catch (SQLException error) {

        throw new RuntimeException(error);

    }

 }

Thank you,

1 answers

solution1
 0 ACCPTED  2014-03-24 19:14:07

although the above method isn't straightforwardly vulnerable to SQL injection, it is damn close. try this for your parameters: 

PreparedStatement connQuery = this.connection.prepareStatement("select Codigo, Nome, Login, Senha from funcionario where Login=? and Senha=?");
connQuery.setString(1,enteredUser.getLogin());
connQuery.setString(2,enteredUser.getSenha());

Also, try declaring the result set and prepared statement outside the try block so that you can close them in a finally block.

As for your actual question, I'd try running it with execute instead of executeQuery

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error with JDBC Mysql SELECT!! Synthax error insert in select in MySQL with JDBC JDBC with MySQL - SELECT … IN JDBC Mysql Syntax Error JMeter jdbc:mysql error MySQL and JDBC Error Logging In JDBC MySQL query error? MYSQL JDBC ERROR MySQL JDBC driver error MySQL jdbc connection error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM