Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

number of rows in ResultSet

 
miguel lisboa
Ranch Hand
Posts: 1281
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i'm not sure if this a jdbc problem, but here i go:
i'v only one entry in table login;
i'm checking number of returned rows form a query with:

if i hard code my query, i get numberOfRows = 1, but if i build it dinamically i allways get zero, and dont know why!
take a look:

i also confirmed that both requests return the correct input

what might i've been doing wrong?

TiA
[ November 22, 2006: Message edited by: miguel lisboa ]
 
Tim LeMaster
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"SELECT * FROM login where nome = 'username' and palavrapasse = 'password'"; // returns 0


This does not build the query dynamically from the Strings username and password. It just hard codes the nome to be "username" and palavrapasse to be "password".

You need to build the string using the variables. There are many ways to accomplish this.
 
Carol Enderlin
drifter
Ranch Hand
Posts: 1364
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should really use PreparedStatement to avoid sql injection. Search this forum or google for more info on how and why.

The JavaRanch security faq links to two articles on SQL injection. One mentions prepared statements but not java specifically.

Or see the comment in PreparedStatement about bad things happening.
[ November 22, 2006: Message edited by: Carol Enderlin ]
 
miguel lisboa
Ranch Hand
Posts: 1281
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
case solved
in case someone has the same prob, here's the solution:
"SELECT * FROM login where nome = '"+username+"' and palavrapasse = '" + password + "'";
 
miguel lisboa
Ranch Hand
Posts: 1281
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Carol
thanks a lot for your sugestion!

and also you gave me the oportunity to have my first prepared statement
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic