0

I would like to show only the products the user is looking for, but when the second if is executed it pushes (the pointer or whatever is there) to the next ID (my IDs are unique, so it pushes to nowhere) and the result is null. I hope you understand my problem :).

    if (stmt.execute(
            "SELECT * FROM products where ID=" + removeName)) {
        rs = stmt.getResultSet();
        if (!rs.next()) {
            m = "ID not found.";
            return m;
        }

3 Answers

1

In your case, you can use a PreparedStatement to avoid the SQL injection problem.

    PreparedStatement prodsQuery = con.prepareStatement("SELECT * FROM products where ID=?");
    prodsQuery.setInt(1, removeName);
    ResultSet rs = prodsQuery.executeQuery();
    if (!rs.next()) {
        m = "ID not found.";
        return m;
    }

NamingException
0

First, your approach is vulnerable to SQL injection. Please use PreparedStatement.
Look at this simple example of using PreparedStatement.

And you should do it like this:

    ResultSet rs = stmt.executeQuery("SELECT * FROM products where ID=" + removeName);
    if (!rs.next()) {
        m = "ID not found.";
        return m;
    }

Abubakkar
  • Thank you, I am going to read about it, but it is still removing everything (quantity) from my database. If that condition is not there, it will nicely remove only one from quantity (or only as much as I want), but without the condition the user will not know whether that ID was there. – Ondrej 'zatokar' Tokár Apr 28 '13 at 11:08
0

The problem is that you're reading the first result in order to know if there's at least one result, then trying to consume the next results and missing the first one (adapted from your question description). I gave an explanation of how this works here.

A possible solution for this problem would be assuming the query executed with no problems and you have your results, then retrieve the data (or List of data) and as a last step verify if the data is not null or the List of data is not empty.

Code adapted from Naveen's answer to show the proposed solution

    PreparedStatement prodsQuery =
        con.prepareStatement("SELECT * FROM products where ID=?");
    prodsQuery.setInt(1, removeName);
    ResultSet rs = prodsQuery.executeQuery();

  1. Assuming there's only one result to get:

    //also assuming you will set the results in a Data class (yes, this can be replaced)
    Data data = null;
    if (rs.next()) {
        //logic to retrieve data...
        data = new Data();
        data.setSomething(rs.getObject(1));
        //more and more code to fill the data...

        //because it looks like you need it as a String (I wonder why you return a String as well)
        return data.toString();
    }
    //note: I use an else statement to check if indeed there were no results at all
    //else statement added using a line separator for code explanation purposes
    else {
        m = "ID not found.";
        return m;
    }
    
  2. Assuming there is a list of results to get:

    //also assuming you will set the results in a Data class (yes, this can be replaced)
    List<Data> dataList = new ArrayList<Data>();
    while (rs.next()) {
        //logic to retrieve data...
        Data data = new Data();
        data.setSomething(rs.getObject(1));
        //more and more code to fill the data...

        //because it looks like you need it as a String (I wonder why you return a String as well)
        dataList.add(data);
    }
    //in this case, there's no validation in order to know if there's any result
    //the validation must be in the client of this class and method checking if
    //the result list is empty using if(!List#isEmpty) { some logic... }
    return dataList;
    
Luiggi Mendoza
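
The points from the answers above combined into one method, as an added example that is not code from any of the posters: the ID is parsed strictly, bound as a parameter instead of concatenated, and `rs.next()` is called exactly once so the matching row is not skipped. The class name, `parseId`, `findProduct` and the JDBC URL passed in `args[0]` are assumptions, and the sample inputs are constructed.

```java
import java.sql.*;
import java.util.Optional;

public class ProductLookup {

    // Strict parse: only a plain integer is accepted as an ID.
    static Optional<Integer> parseId(String raw) {
        try {
            return Optional.of(Integer.parseInt(raw.trim()));
        } catch (NumberFormatException | NullPointerException e) {
            return Optional.empty();
        }
    }

    // Returns the matching row as text, or empty when the ID is invalid or absent.
    static Optional<String> findProduct(Connection con, String rawId) throws SQLException {
        Optional<Integer> id = parseId(rawId);
        if (!id.isPresent()) {
            return Optional.empty();
        }
        String sql = "SELECT * FROM products WHERE ID = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, id.get()); // bound as data, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                // Single next() call: when it returns true the cursor is already on the row.
                if (!rs.next()) {
                    return Optional.empty();
                }
                ResultSetMetaData md = rs.getMetaData();
                StringBuilder row = new StringBuilder();
                for (int i = 1; i <= md.getColumnCount(); i++) {
                    row.append(md.getColumnLabel(i)).append('=').append(rs.getObject(i)).append(' ');
                }
                return Optional.of(row.toString().trim());
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database that has the products table.
        String[] inputs = {"1", "abc", "1 OR 1=1"}; // constructed sample inputs
        try (Connection con = DriverManager.getConnection(args[0])) {
            for (String input : inputs) {
                System.out.println(input + " -> " + findProduct(con, input).orElse("ID not found."));
            }
        }
    }
}
```

With this structure the second and third inputs never reach the database, and even without the strict parse the bound parameter would be compared as a value rather than interpreted as SQL.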