Solved MySQL check if entry is set

Discussion in 'Spigot Plugin Development' started by Mxrlin1, Jan 21, 2022.

  1. Im trying to check if a entry is set, so for example in a row with: 'user, password, birth' I check if in column 'user' f.e. 'mxrlin' is

    For that im using that code in my Main Class:
    Code (Java):
    if(!mySQL.isSet(tableName, "houseNumber", houseNumberStr)){
                System.out.println(house.getHouseNumber() + " not set yet");
                inserts.add(new BetterMySQL.KeyValue("houseNumber", houseNumberStr));
                mySQL.insertEntry(tableName, inserts);
            }else {
                System.out.println(house.getHouseNumber() + " set -> updating");
                mySQL.update(tableName, inserts, "houseNumber", houseNumberStr);
            }
    And the mySQL.isSet() method looks like this:
    Code (Java):
    public boolean isSet(String tableName, String key, String value){
        Check.checkNotEmpty(tableName);
        Check.checkNotEmpty(key);
        Check.checkNotEmpty(value);
        ResultSet resultSet = MySQL.getResultSetPrepareStatement(connection, "SELECT * FROM " + tableName + " WHERE ?=?", Arrays.asList(key, value));
        try {
            if(resultSet.next()){
                return resultSet.getObject(value) != null;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            try {
                resultSet.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        return false;
    }
    But with this code it always debugs me "house.getHouseNumber() + " not set yet", so the Class doesnt find the entry that is set
     
  2. Nope. I have it like this now:
    Code (Java):
    public boolean isSet(String tableName, String key, String value){
            Check.checkNotEmpty(tableName);
            Check.checkNotEmpty(key);
            Check.checkNotEmpty(value);
            ResultSet resultSet = MySQL.getResultSetPrepareStatement(connection, "SELECT * FROM " + tableName + " WHERE '?'='?'", Arrays.asList(key, value));
            try {
                return resultSet != null && resultSet.next(); // if there is found anything that isnt null -> true - else false
            } catch (SQLException e) {
                e.printStackTrace();
            } finally {
                try {
                    resultSet.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            return false;
        }
    But still returning false everytime.
     
  3. What about small edit?
    Code (Java):
    ResultSet resultSet = MySQL.getResultSetPrepareStatement(connection, "SELECT * FROM " + tableName + " WHERE ?='?'", Arrays.asList(key, value));
     
  4. As soon as I do WHERE ?='?' instead of WHERE ?=? the Error "java.sql.SQLException: Parameter index out of range (2 > number of parameters, which is 1)." appears
     
  5. Then do it easier, write the values of the fields manually.
    MySQL.getResultSetPrepareStatement(connection, "SELECT * FROM " + tableName + " WHERE "+key+"='"+value+"'");
     
  6. Yeah, but the Problem is there, and thats why im using prepared statements, is SQL injection. If im using just result sets an hacker as it easy to hack the databank.

    EDIT: I dont know the error, but I just used getObject() == null instead of isSet() and it was working. Still no sense for me, but i got it working
     
    #7 Mxrlin1, Jan 21, 2022
    Last edited: Jan 21, 2022