0

I have a null pointer exception in 

ResultSet rs = aStatement.executeQuery(Query); // it can't be executed

my code is like this :

 public static boolean testLogin(String user, String password) throws SQLException {
    String Query = "select * from TBL_Users where userName = '" + user + "' and  passWord = '" + password + "' ";
    ResultSet rs = aStatement.executeQuery(Query);

    while (rs.next()) {

        info.Id = rs.getInt("ID");
        info.userName = rs.getString("userName");
        info.Name = rs.getString("User_Name");
        info.Password = rs.getString("passWord");
        info.isAdmin = rs.getBoolean("Admin");
        return true;
    }
    return false;
}

}

Improve this question
5
  • 4
    What is aStatement referring to? Commented Dec 23, 2010 at 12:31
  • 1. you didn't show us the stack trace. That can eliminate 90% of problems. 2. you've got problems in your resultset handling code. Commented Dec 23, 2010 at 12:34
  • Exactly, from where does come that aStatement? A private field that is not initialized in the constructor? Commented Dec 23, 2010 at 12:35
  • @Martijn Courteaux: That was a rhetorical question :) Commented Dec 23, 2010 at 12:46
  • Please show the definition of 'aStatement'. Commented Dec 23, 2010 at 12:49

5 Answers 5

Reset to default
9

Most likely aStatement is null.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

6

Sounds like you think aStatement should not be null, but it is.

This is bad JDBC code, for many reasons:

  1. No cleanup of resources.
  2. Doesn't use PreparedStatement
  3. Keeps creating the query string over and over again instead of using a static variable
  4. Doesn't follow Java coding standards ("Query" should be "query")

Here's another way to write it. Start with an interface: 

package persistence;

import java.sql.SQLException;

public interface CredentialDao
{
    boolean isValidUser(String username, String password) throws SQLException;
}

Write an implementation:

package persistence;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class CredentialDaoImpl implements CredentialDao
{
    private static final String CREDENTIAL_QUERY = "SELECT COUNT() FROM USER WHERE USERNAME = ? AND PASSWORD = ?";

    private Connection connection;

    public CredentialDaoImpl(Connection connection)
    {
        this.connection = connection;
    }

    public boolean isValidUser(String username, String password) throws SQLException
    {
        boolean isValidUser = false;

        PreparedStatement ps = null;
        ResultSet rs = null;

        try
        {
            ps = this.connection.prepareStatement(CREDENTIAL_QUERY);
            ps.setString(1, username);
            ps.setString(2, password);
            rs = ps.executeQuery();
            while (rs.next())
            {
                int count = rs.getInt(1);
                isValidUser = (count > 0);
            }
        }
        finally
        {
            DatabaseUtils.close(rs);
            DatabaseUtils.close(ps);
        }

        return isValidUser;
    }
}
Improve this answer

7 Comments

A DAO that stores a Connection in a field? That doesn't seem like a very good idea to me....
Connection is your issue, Jaydee? If the connection isn't shared, but is checked out of a pool for each thread, this class would be thread safe.
@ColinD - The Spring idiom is to inject the connection into the DAO. How else can a DAO participate in a transaction with other DAOs? What's your alternative - have the DAO create its own Connection? I thought all this was why connection pools were invented.
@duffymo: I've never seen injected Connections... just injected DataSources. You typically need to call close() on a pooled connection to return it to the pool so other things can use it, and you typically want to do that as soon as possible.
Yes, you're right, it's only data sources that are injected in with Spring. And I don't call close on the data source; if I'm doing Spring JDBC, the DAOs extend SimpleJdbcTemplate, which handles all the plumbing for me. Since this is straight JDBC, and no Spring, I made the Connection pass in explicit to make a point: The DAO is given its access to the data source; it doesn't create it.
|
1

The aStatement variable is apparently null, please validate that it is correctly set. You should consider read the Java Naming Conventions and make sure you use the lower camel case for variables and java bean conventions.

For code snippets in stackoverflow if they are not self-explanatory, you should obey the rules of the SSCCE, this will help you to get more and better answers. Also you should provide a stack trace with the occured exception.

Improve this answer

Comments

0

Use prepared statements.

    Connection con = ...; // obtain connection here
    PreparedStatement pstmt = con.prepareStatement("select * from TBL_Users where userName = ?'");
    pstmt.setInt(1, userName);

    ResultSet rs = pstmt .executeQuery();
...
// do clean up here
Improve this answer

Comments

0 
 while (rs.next()) {

    info.Id = rs.getInt("ID");
    info.userName = rs.getString("userName");
    info.Name = rs.getString("User_Name");
    info.Password = rs.getString("passWord");
    info.isAdmin = rs.getBoolean("Admin");
    return true;       //                                Huh? What?
}

What is info refering to and why is there a return imediatly after the assignments?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.