java在结果集之前错误,MySQL + JAVA异常：在开始结果集之前

最新推荐文章于 2021-03-08 06:13:26 发布

星先生cxm

最新推荐文章于 2021-03-08 06:13:26 发布

阅读量81

点赞数

文章标签： java在结果集之前错误

try

{

PreparedStatement s = (PreparedStatement) conn.prepareStatement("SELECT voters.Check,count(*) FROM voting.voters where FirstName="+first+"and LastName="+last+" and SSN="+voter_ID);

//java.sql.Statement k = conn.createStatement();

rs=s.executeQuery();

//s.executeQuery("SELECT voters.Check,count(*) FROM voting.voters where FirstName="+first+"and LastName="+last+" and SSN="+voter_ID);

System.out.println(rs.first());

c=rs.getInt(1);

d=rs.getInt(2);

System.out.println(c);

System.out.println(d);

if(c==1 && d==1)

{

s.executeUpdate("update cand set total=total+1 where ssn="+can_ID);

System.out.println("Succeful vote");

System.out.println("after vote");

s.executeUpdate("update voters set voters.Check=1 where ssn="+voter_ID);

toclient=1;

PreparedStatement qw = (PreparedStatement) conn.prepareStatement("select FirstName from cand where ssn="+can_ID);

// rs=k.executeQuery("select FirstName from cand where ssn="+can_ID);

rs1 = qw.executeQuery();//Error Here Plz help me

String name1= (String) rs1.getString(1);

System.out.println(name1);

s.executeUpdate("update voters set VTO="+name1+"where ssn="+voter_ID);

System.out.println(rs.getString(1));

}

else

{

if(c != -1)

toclient =2;

if( d ==0)

toclient =3;

if( d>1)

toclient =4;

}

System.out.println("out-----------");

rs.close();

s.close();

}

catch (SQLException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

Error IS :

java.sql.SQLException: Before start of result set

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:986)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:981)

解决方案

In your code snippet you create PreparedStatements but you do not use them correctly. Prepared statements are meant to be used as a kind of 'statement template' which is bound to values before it executes. To quote the javadoc:

PreparedStatement pstmt = con.prepareStatement(

"UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");

pstmt.setBigDecimal(1, 153833.00)

pstmt.setInt(2, 110592)

This has two big advantages over your current usage of PreparedStatement:

one PreparedStatement can be used for multiple executes

it prevents a possible SQL injection attack

The second one here is the biggie, if for instance your variables first and last are collected in a user interface and not reformatted, you run the risk of parts of SQL being input for those values, which then end up in your statements! Using bound parameters they will just be used as values, not part of the SQL statement.

星先生cxm

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
java在结果集之前错误,MySQL + JAVA异常：在开始结果集之前

try{PreparedStatement s = (PreparedStatement) conn.prepareStatement("SELECT voters.Check,count(*) FROM voting.voters where FirstName="+first+"and LastName="+last+" and SSN="+voter_ID);//java.sql.Stat...
复制链接

扫一扫