Java Error : java.sql.SQLException: No value specified for parameter 15

Question

at GetModifiedXMLDataFrom.main(GetModifiedXMLDataFrom.java:339) I am getting this error even though i have 16 fields and 16 ?. Not sure why error is there. Its because of preparedStmt.setString (15, "1"); but it's going in one of those condition so its reaching where it suppose to be.

Any help is much appritiaited, Thanks in advance.

String strInsertQuery = " UPDATE `cve_data` SET `CVE_ID`=?,
    `CVE_DESCRIPTION`=?,    `CVE_SEVERITY`=?,   `CVE_PRODUCT_NAME`=?,
    `CVE_PRODUCT_VERSION`=?,    `CVE_VENDOR_NAME`=?,    `CVE_PUBLISHED`=?,
    `CVE_MODIFIED`=?,   `CVSS_VERSION`=?,   `CVSS_SCORE`=?,
    `CVSS_BASE_SCORE`=?,    `CVSS_IMPACT_SUBSCORE`=?,
    `CVSS_EXPLOIT_SUBSCORE`=?,  `CVSS_VECTOR`=?, `CVE_ASSESSED`=?
     where `CVE_ID`=? ";



    PreparedStatement preparedStmt = con.prepareStatement(strInsertQuery);
    Calendar calendar = Calendar.getInstance();
    java.sql.Date tempDate = new java.sql.Date(calendar.getTime().getTime());

    while (itrCVEData.hasNext()) {
        hmCVEInsData = (HashMap)itrCVEData.next();
        preparedStmt.setString (1, (String)hmCVEInsData.get("CVEName")); //done
        preparedStmt.setString (2, (String)hmCVEInsData.get("CVEDescr")); //done
        preparedStmt.setString (3, (String)hmCVEInsData.get("CVESeverity")); //done
        preparedStmt.setString (4, (String)hmCVEInsData.get("CVEProductname"));//done
        preparedStmt.setString (5, (String)hmCVEInsData.get("CVEProductVersion"));//done
        preparedStmt.setString (6, (String)hmCVEInsData.get("CVEProductvendor"));//done
        if (hmCVEInsData.get("CVEPublished") != null) {
            preparedStmt.setDate (7, tempDate.valueOf((String)hmCVEInsData.get("CVEPublished")));//done
        } else {
            preparedStmt.setDate (7, null);
        }
        if (hmCVEInsData.get("CVEModified") != null) {
            preparedStmt.setDate (8, tempDate.valueOf((String)hmCVEInsData.get("CVEModified")));//done
        } else {
            preparedStmt.setDate (8, null);
        }
        preparedStmt.setString (9, (String)hmCVEInsData.get("CVECVSSversion"));//done
        preparedStmt.setString (10, (String)hmCVEInsData.get("CVECVSSscore"));//done
        preparedStmt.setString (11, (String)hmCVEInsData.get("CVECVSSbasescore"));//done
        preparedStmt.setString (12, (String)hmCVEInsData.get("CVECVSSimpactsubscore"));//done
        preparedStmt.setString (13, (String)hmCVEInsData.get("CVECVSSexploitsubscore"));//done
        preparedStmt.setString (14, (String)hmCVEInsData.get("CVECVSSvector"));//done


        //3 condition code starts here

                    String str = (String)hmCVEInsData.get("CVECVSSscore");
                    //String strCVEID = (String)hmCVEInsData.get("CVEName");

                    //fill null values with empty strings 
                    if(str.equals("")){
                        str = "0.0";
                    }
                    String flag = "0";
                    //preparedStmt.setString (15, flag);
                    //convert string to double
                    double fNum = Double.parseDouble(str);

                            if ( fNum >= CVSS_2_Critical_Base || fNum >= CVSS_3_Critical_Base){

                                String strCVEID = (String)hmCVEInsData.get("CVEName");
                                //System.out.println(strCVEID);
                                if(strCVEID.contains("2018")){
                                    System.out.println(strCVEID);
                                    String strSelectQuery = "SELECT * FROM `cve_data` where `CVE_ID` ='" +strCVEID+ "' ";
                                    preparedStmt = null;
                                    preparedStmt = con.prepareStatement(strSelectQuery);
                                    ResultSet rs = preparedStmt.executeQuery();
                                    while ( rs.next() ) {
                                    String srtrCVSSSCORE = rs.getString("CVSS_SCORE");
                                    System.out.println(srtrCVSSSCORE);
                                    String strTISeverity = rs.getString("CVE_TI_SEVERITY");
                                    System.out.println(strTISeverity);
                                    double fNum2 = Double.parseDouble(srtrCVSSSCORE);
                                        if ( fNum2 >= fNum ){
                                            System.out.println("Inside the loop");
                                            preparedStmt.setString (15, flag);

                                        }
                                        else
                                        {
                                            System.out.println("Inside the Else");
                                            preparedStmt.setString (15, "1");
                                        }
                                    }
                                }
                            }

        //3 condition code ends here

        preparedStmt.setString (16, (String)hmCVEInsData.get("CVEName"));//done

                    preparedStmt.execute();
    }

Answer 1

If this condition

if ( fNum >= CVSS_2_Critical_Base || fNum >= CVSS_3_Critical_Base)

is evaluated to false then the 15th parameter never have a chance to be set.

So you should set the 15th parameter in this case