Why is this an issue?
The parameters in a PreparedStatement are indexed beginning at 1, not 0, so calling any "set" method of a PreparedStatement with an index less than 1 is a bug, as is using an index higher than the number of parameters in the statement. The same 1-based indexing applies to the column "get" methods of ResultSet.
Noncompliant code example
val ps: PreparedStatement = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?")
ps.setDate(0, date) // Noncompliant
ps.setDouble(3, salary) // Noncompliant
val rs: ResultSet = ps.executeQuery()
while (rs.next()) {
    val fname: String = rs.getString(0) // Noncompliant
    // ...
}
Compliant solution
val ps: PreparedStatement = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?")
ps.setDate(1, date)
ps.setDouble(2, salary)
val rs: ResultSet = ps.executeQuery()
while (rs.next()) {
    val fname: String = rs.getString(1)
    // ...
}
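The following Kotlin example is added here and is not part of the rule's own samples. It shows two defensive habits that make the off-by-one mistake above hard to commit: a small hypothetical wrapper, CheckedStatement, that validates every parameter index against ParameterMetaData.getParameterCount() before delegating to the driver, and reading result columns by label rather than by position. It assumes an open java.sql.Connection named con and the same employees table as the rule's examples.

```kotlin
import java.sql.Connection
import java.sql.Date
import java.sql.PreparedStatement
import java.sql.ResultSet

// Hypothetical helper (not from the rule text): rejects out-of-range parameter
// indexes with a clear message before they reach the JDBC driver.
// JDBC numbers parameters and result columns from 1 to N inclusive.
class CheckedStatement(private val ps: PreparedStatement) {
    // ParameterMetaData.getParameterCount() reports how many '?' placeholders
    // the driver parsed for this statement.
    private val paramCount: Int = ps.parameterMetaData.parameterCount

    private fun checkIndex(index: Int) {
        require(index in 1..paramCount) {
            "JDBC parameter index $index is out of range; valid indexes are 1..$paramCount"
        }
    }

    fun setDate(index: Int, value: Date) { checkIndex(index); ps.setDate(index, value) }
    fun setDouble(index: Int, value: Double) { checkIndex(index); ps.setDouble(index, value) }
    fun executeQuery(): ResultSet = ps.executeQuery()
}

// Returns the first names matching the rule's query. Columns are read by label,
// which is immune to the 0-vs-1 confusion and survives reordering of the select list.
fun firstNames(con: Connection, date: Date, salary: Double): List<String> {
    val stmt = CheckedStatement(
        con.prepareStatement("SELECT fname, lname FROM employees WHERE hireDate > ? AND salary < ?")
    )
    stmt.setDate(1, date)     // first '?'
    stmt.setDouble(2, salary) // second '?'
    // stmt.setDate(0, date) or stmt.setDouble(3, salary) would throw
    // IllegalArgumentException here instead of a driver-specific SQLException later.
    val names = mutableListOf<String>()
    stmt.executeQuery().use { rs ->
        // ResultSetMetaData.getColumnCount() gives the valid column range 1..count.
        val columnCount = rs.metaData.columnCount
        check(columnCount == 2) { "expected 2 columns, got $columnCount" }
        while (rs.next()) {
            names += rs.getString("fname") // label lookup, equivalent to getString(1)
        }
    }
    return names
}
```

One caveat: not every driver implements getParameterMetaData(), and some throw SQLFeatureNotSupportedException from it, so the wrapper is a development-time guard rather than a portable replacement for getting the indexes right. Reading columns by label works with all drivers and is the simpler habit to adopt.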