Home/ Questions/Q 603827
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T16:58:24+00:00

try { PreparedStatement s = (PreparedStatement) conn.prepareStatement(SELECT voters.Check,count(*) FROM voting.voters where FirstName=+first+and LastName=+last+ and

  • 0
try
  {
   PreparedStatement  s = (PreparedStatement) conn.prepareStatement("SELECT voters.Check,count(*) FROM voting.voters where FirstName="+first+"and LastName="+last+" and SSN="+voter_ID);
   //java.sql.Statement k = conn.createStatement();

         rs=s.executeQuery();
               //s.executeQuery("SELECT voters.Check,count(*) FROM voting.voters where FirstName="+first+"and LastName="+last+" and SSN="+voter_ID);

         System.out.println(rs.first());
         c=rs.getInt(1);
         d=rs.getInt(2);

         System.out.println(c);
         System.out.println(d);

          if(c==1 && d==1)
          {
           s.executeUpdate("update cand set total=total+1 where ssn="+can_ID);
           System.out.println("Succeful vote");
           System.out.println("after vote");
           s.executeUpdate("update voters set voters.Check=1 where ssn="+voter_ID);
                 toclient=1;



             PreparedStatement  qw = (PreparedStatement) conn.prepareStatement("select FirstName from cand where ssn="+can_ID);

                 // rs=k.executeQuery("select FirstName from cand where ssn="+can_ID);
             rs1 = qw.executeQuery();//Error Here Plz help me
                  String name1= (String) rs1.getString(1);

                  System.out.println(name1);
                  s.executeUpdate("update voters set VTO="+name1+"where ssn="+voter_ID);
           System.out.println(rs.getString(1));

          }
          else
          {
           if(c != -1)
            toclient =2;
           if( d ==0)
            toclient =3;
           if( d>1)
            toclient =4;

          }
           System.out.println("out-----------");
           rs.close();

           s.close();

  }

   catch (SQLException e) {
   // TODO Auto-generated catch block
   e.printStackTrace();
  }

Error IS :

java.sql.SQLException: Before start of result set
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:986)
 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:981)
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In your code snippet you create PreparedStatements but you do not use them correctly. Prepared statements are meant to be used as a kind of ‘statement template’ which is bound to values before it executes. To quote the javadoc:

       PreparedStatement pstmt = con.prepareStatement(
                                 "UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");
   pstmt.setBigDecimal(1, 153833.00)
   pstmt.setInt(2, 110592)

    This has two big advantages over your current usage of PreparedStatement:

    • one PreparedStatement can be used for multiple executes
    • it prevents a possible SQL injection attack

    The second one here is the biggie, if for instance your variables first and last are collected in a user interface and not reformatted, you run the risk of parts of SQL being input for those values, which then end up in your statements! Using bound parameters they will just be used as values, not part of the SQL statement.

    • 0