public String returnFirstName() throws SQLException {
    String Username = username.getText();
    String Password = String.valueOf(password.getPassword());
    connection = DriverManager.getConnection(jdbcURL, user, SQLPassword);
    statement = connection.createStatement();
    try {
        resultSet = statement.executeQuery("SELECT * FROM users WHERE username="
                + "'" + Username + "'" + " AND password="
                + "'" + Password + "'" + ";");
        FirstName = resultSet.getString("first_name");
    } catch (Exception exception) {
        error = true;
        exception.printStackTrace();
    } finally {
        if (connection != null) {
            try {
                connection.close();
            } catch (SQLException ex) {
                ex.printStackTrace();
            }
        }
        if (error) System.out.println("Error");
    }
    return FirstName;
}
Hello, so I have a problem where I am trying to return the value fetched from the database, but the value of firstname is null and the statements in the try block have no effect. Is there any way to return the value with the logic in the try block? (The firstname variable is already declared.) Can anyone help me with this? Thanks in advance!
CodePudding user response:
resultSet.getString() will not throw a NullPointerException if the first_name column exists.
One possible solution to this would be:
    FirstName = resultSet.getString("first_name");
    if (FirstName == null) {
        throw new NullPointerException();
    }
I would also highly recommend changing the way you have written your query. Use prepared statements, as the current approach makes your database susceptible to injection attacks.
Prepared statements are SQL statements that provide placeholders for user input through bind variables. When the statement is executed, the user input is supplied separately to ensure the database is never tricked into executing user input as code.
Here is a partial implementation of your query; I will leave the rest for you to figure out:
    PreparedStatement preparedStatement = connection.prepareStatement(
        "SELECT * FROM users WHERE username=?");
    // Bind the user-supplied value to the first placeholder.
    preparedStatement.setString(1, Username);
    return preparedStatement.executeQuery();
CodePudding user response:
The proper way to handle a database error is… not to catch it at all.
Notice the last two keywords in this line:
public String returnFirstName() throws SQLException {
The throws SQLException part means you don’t have to catch any exceptions in your code. The throws clause tells any calling code that it must decide what to do if the database retrieval fails for any reason. That is a good thing. That is how applications should be written.
It also means you don’t need a catch block. In fact, you can also remove the finally block, if you place your Connection and Statement in a try-with-resources statement:
public String returnFirstName() throws SQLException {
    String Username = username.getText();
    String Password = String.valueOf(password.getPassword());
    try (Connection connection = DriverManager.getConnection(jdbcURL, user, SQLPassword);
         Statement statement = connection.createStatement()) {
        ResultSet resultSet = statement.executeQuery("SELECT * FROM users WHERE username="
                + "'" + Username + "'" + " AND password="
                + "'" + Password + "'" + ";");
        // The cursor starts before the first row; getString() fails until next() succeeds.
        if (!resultSet.next()) {
            throw new SQLException("No matching user found");
        }
        return resultSet.getString("first_name");
    }
}
By declaring the Connection and Statement objects inside parentheses after try, we are telling Java to automatically close them when the try block ends. This will happen both if the code completes successfully, and if an exception occurs. (The ResultSet is automatically closed when its corresponding Statement is closed.)
Instead of trying to ignore an exception and pick some “special” value for firstName, let the calling code decide what to do if the value cannot be retrieved. This allows your method to reliably return a valid value every time. If an error occurs, the method simply never returns at all; instead, it will propagate the underlying SQLException. The code which calls your method can be certain that if a value was returned at all, it is a valid value.
(I am deliberately not addressing the security implications here, such as SQL injection and unhashed passwords, since this appears to be an assignment or practice exercise, and security concerns would be out of scope.)
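The two answers combined, as an added example that is not part of either original answer: the bound parameters from the first answer, with the try-with-resources and exception propagation from the second. The class name, the `DB_USER`/`DB_PASSWORD` environment variables, reading the password from the console and throwing `SQLException` when no row matches are assumptions of this example; the table and column names come from the question.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class FirstNameLookup {

    // Both values are sent as bind parameters, so a quote inside them
    // (for example the username O'Brien) is data and never SQL syntax.
    static String findFirstName(Connection connection, String username, char[] password)
            throws SQLException {
        String sql = "SELECT first_name FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, String.valueOf(password));
            try (ResultSet rs = ps.executeQuery()) {
                // The cursor starts before the first row: next() has to
                // return true before any column can be read.
                if (!rs.next()) {
                    throw new SQLException("no user matches the supplied credentials");
                }
                return rs.getString("first_name");
            }
        }
    }

    // Usage: java FirstNameLookup <jdbcURL> <username>
    // Assumes a JDBC driver on the classpath and database credentials in
    // the DB_USER / DB_PASSWORD environment variables (hypothetical names).
    public static void main(String[] args) throws SQLException {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: FirstNameLookup <jdbcURL> <username> (run from a terminal)");
            System.exit(2);
        }
        char[] password = console.readPassword("Password: ");
        if (password == null) {
            System.exit(2); // end of input before a password was entered
        }
        try (Connection connection = DriverManager.getConnection(
                args[0], System.getenv("DB_USER"), System.getenv("DB_PASSWORD"))) {
            System.out.println(findFirstName(connection, args[1], password));
        }
    }
}
```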