aspose file tools*
The moose likes JDBC and the fly likes NullPointerException at stmt.execute Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Databases » JDBC
Bookmark "NullPointerException at stmt.execute" Watch "NullPointerException at stmt.execute" New topic
Author

NullPointerException at stmt.execute

K DeLucia
Ranch Hand

Joined: Apr 11, 2008
Posts: 68
I have an application consisting of jsp pages, servlets and jdbc. I'm attempting to update an Oracle record with this code:



I'm getting a NullPointerException at this line: updated = stmt.execute(SQL_INSERT); (I've also tried executeUpdate with the same results.)

I've been trying to figure this out for a while now and I'm getting nowhere. Any ideas on what would cause a NullPointerException on a stmt.execute?

Thanks for any pointers,
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2503
    
    8

What you do is:

You set stmt to null, and try to call a method on that null.
That gives a NullPointerException.

You will first have to ask your connection for a statement before using it.


OCUP UML fundamental and ITIL foundation
youtube channel
K DeLucia
Ranch Hand

Joined: Apr 11, 2008
Posts: 68
Thank you thank you thank you. Boy, that was stupid! I added my stmt=connection.prepareStatement(SQL_UPDATE); line and it's working now.

(Well, not working. Now I'm getting a SQLSyntaxErrorException, invalid character, but at least it's something different.)

Thanks for getting me over that hurdle. Now onto the next . . .
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18675
    
    8

Yes. You should use the PreparedStatement properly, instead of doing that string concatenation to generate your SQL. The string concatenation has two defects:

1. If there's a quote in any of the text strings, then the SQL will fail because it wasn't escaped. Using a PreparedStatement properly makes that a non-issue because the JDBC driver deals with it.

2. It may possible for malicious users to send text strings which cause your query to do unexpected things. Like deleting the whole table, for example. Google for "SQL injection attack". Again the JDBC driver deals with this by escaping the strings correctly.
K DeLucia
Ranch Hand

Joined: Apr 11, 2008
Posts: 68
Thanks. I fixed the SQL/prepared statements. I'm in too much of a rush with this one and I'm overlooking all sorts of important things. :-( Thanks for pointing it out. I really do prefer to do things the right way ;-)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: NullPointerException at stmt.execute