What makes this sql failure in JDBC?

Question

0.00/5 (No votes)

See more:

The very same sql statement works fine in MySQL Workbench but fails in Java program. All I've done was setting a breakpoint before the execution of this statement in Java and paste the same statement ("select * from administrator where AdministratorID = 'Admin'") from Java to the Workbench, where showed ONE record. I surrounded the invoking with try-catch, it turned out successfully called but returned nothing (resultset.getRow() returns 0). Here is the Java code that executes the query:

Java

public ResultSet executeQuery(String tableName, String condition) {
		String sql = "select * from " + tableName + " where " + condition;
		ResultSet rs = null;
		Connection conn = null;
		try {
			conn = getConn();
			Statement statement = conn.createStatement();
			rs = statement.executeQuery(sql);
			statement.close();
			conn.close();
		} catch (Exception e) {
			e.printStackTrace();
		}
		return rs;
	}

And the getConn() function:

Java

public Connection getConn() {
		Connection conn = null;
		try {
			Class.forName(name); // 指定连接类型
			String url = "jdbc:mysql://" + host + ":" + port + "/" + dbName;
			conn = DriverManager.getConnection(url, user, password); // 获取连接
		} catch (Exception e) {
			e.printStackTrace();
		}
		return conn;
	}

where name = "com.mysql.jdbc.Driver", host = "127.0.0.1", port = "3306". dbName, user and password were provided correctly.
Can anyone help tell me what went wrong?

Posted 28-Sep-15 2:51am

Wu Jiecheng

Add a Solution

Comments

Richard Deeming 28-Sep-15 9:28am

Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Wu Jiecheng 28-Sep-15 10:24am

I tried PreparedStatement way, but got the same effect - no exceptions and no result row neither.

2 solutions

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

E.F. Nijboer · Answer 1 · 2015-09-28T04:58:00

Solution 1

You close the connection before anything was read. Just for test, try reading data from the resultset right after the line rs = statement.executeQuery(sql); in your executeQuery method.

Just an advice on good programming style. Don't have your method getConn return null if creating a connection failed. Simply retrow the exception. This makes it so much more clear when and why it fails from where it is called.

And of course... beware of sql injection!

Good luck!

Posted 28-Sep-15 4:58am

E.F. Nijboer

Comments

Wu Jiecheng 29-Sep-15 8:51am

Googled "sql injection" and shocked! I 've never been aware of sql inject attack! Thanks for warning me! I tried getting the expression rs.getRow() right after the executeQuery(sql) statement and got the value 0. Is there anything wrong with my functiong getConn()?

E.F. Nijboer 29-Sep-15 12:46pm

You need to use a while that will get the next record each time using rs.next(). Check out this link with the exact example code you are looking for. :-)

https://docs.oracle.com/javase/tutorial/jdbc/basics/processingsqlstatements.html

Anirudh Mangalvedhekar · Answer 2 · 2015-10-13T19:32:00

The resultset cursor is positioned before the first row. By using next() you move the cursor to next row. Post the final row (ie- if the cursor is positioned after last row) next() will return false
More details can be found here :
https://docs.oracle.com/javase/tutorial/jdbc/basics/retrieving.html[^]

What makes this sql failure in JDBC?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

What makes this sql failure in JDBC?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0

Existing Members

...or Join us