34 lines
950 B
Plaintext
34 lines
950 B
Plaintext
The parameters in a ``++PreparedStatement++`` are numbered from 1, not 0, so using any "set" method of a ``++PreparedStatement++`` with a number less than 1 is a bug, as is using an index higher than the number of parameters. Similarly, ``++ResultSet++`` indices also start at 1, rather than 0
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
PreparedStatement ps = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?");
|
|
ps.setDate(0, date); // Noncompliant
|
|
ps.setDouble(3, salary); // Noncompliant
|
|
|
|
ResultSet rs = ps.executeQuery();
|
|
while (rs.next()) {
|
|
String fname = rs.getString(0); // Noncompliant
|
|
// ...
|
|
}
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
PreparedStatement ps = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?");
|
|
ps.setDate(1, date);
|
|
ps.setDouble(2, salary);
|
|
|
|
ResultSet rs = ps.executeQuery();
|
|
while (rs.next()) {
|
|
String fname = rs.getString(1);
|
|
// ...
|
|
}
|
|
----
|
|
|
|
|