我正在尝试将输入的屏幕值与DB中存储的值进行比较。目前,我正在尝试此代码:
cell = sheet.getRow(i).getCell(2);
Class.forName("com.mysql.cj.jdbc.Driver");
Connection con = DriverManager.getConnection ("jdbc:mysql://madison-dev.czr6vej2htnn.us-east-1.rds.amazonaws.com:3306/madisondb","madisonadmin","t4xuw94$");// + "databasename=madison-dev.czr6vej2htnn.us-east-1.rds.amazonaws.com";
Statement st = con.createStatement();
ResultSet Rs = st.executeQuery("select name, zipcode, state, city, street from business_master where user_id =(\r\n" +
"select id\r\n" +
"from user_master\r\n" +
"where email = 'cell.getStringCellValue()') \r\n");
while (Rs.next()) {
// System.out.println(Rs.getString(1) + " " + Rs.getString(2) + " " + Rs.getString(3) + " "
// + Rs.getString(4) + " " + Rs.getString(5));
System.out.println(Rs.getString(0));
}
屏幕未显示任何值。.当我尝试在循环外打印System.out.println(Rs.getString(3))时,出现错误
java.sql.SQLException:对空结果集的非法操作。
答案 0 :(得分:1)
您正在尝试查找电子邮件地址实际上是文本'cell.getStringCellValue()'而不是该方法返回的值的所有行。
在代码汇编查询字符串的同时,这使您容易受到SQL注入攻击的影响。改用准备好的语句
PreparedStatement st = con.prepareStatement(
"select name, zipcode, state, city, street from business_master where user_id =(" +
"select id " +
"from user_master " +
"where email = ?)");
st.setString(1, cell.getStringCellValue());
ResultSet Rs = st.executeQuery();