Why is this an issue?
PreparedStatement is an object that represents a precompiled SQL statement, that can be used to execute the statement multiple times
efficiently.
ResultSet is the Java representation of the result set of a database query obtained from a Statement object. A default
ResultSet object is not updatable and has a cursor that moves forward only.
The parameters in PreparedStatement and ResultSet are indexed beginning at 1, not 0. When an invalid index is passed to
the PreparedStatement or ResultSet methods, an IndexOutOfBoundsException is thrown. This can cause the program
to crash or behave unexpectedly, leading to a poor user experience.
This rule raises an issue for the get methods in PreparedStatement and the set methods in
ResultSet.
How to fix it
Ensure the index passed to the PreparedStatement and ResultSet methods is valid.
Code examples
Noncompliant code example
val ps: PreparedStatement = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?")
ps.setDate(0, date) // Noncompliant
ps.setDouble(3, salary) // Noncompliant
val rs: ResultSet = ps.executeQuery()
while (rs.next()) {
val fname: String = rs.getString(0) // Noncompliant
// ...
}
Compliant solution
val ps: PreparedStatement = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?")
ps.setDate(1, date)
ps.setDouble(2, salary)
val rs: ResultSet = ps.executeQuery()
while (rs.next()) {
val fname: String = rs.getString(1)
// ...
}
Resources
Documentation
