Prepared statement error: java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0)

Question

我目前在使用此代码时遇到了一些问题：

 public User validateUser(String username, String password) {

    boolean found = false;
    Connection c = DBHelperClass.getConnection();
    String query = "Select * from user where username= '?' and password= '?' ";


    if (c != null) {
        try {
            PreparedStatement inserter = c.prepareStatement(query);
            inserter.setString(1, username);
            inserter.setString(2, password);
            System.out.println("help: "+query);
            ResultSet resultSet = inserter.executeQuery(query);
            while (resultSet.next()) {
                this.userId = resultSet.getInt("userId");
                this.username = resultSet.getString("usrname");
                this.password = resultSet.getString("password");
                this.address = resultSet.getString("address");
                this.email = resultSet.getString("email");
                this.phone = resultSet.getInt("phone");

                found = true;

            }
        } catch (SQLException ex) {
            Logger.getLogger(User.class.getName()).log(Level.SEVERE, null, ex);
        }

    }
    return this;
}

我得到的错误是：

java.sql.SQLException: 参数索引超出范围 (1 > number of 参数，为0)

通过阅读其他答案，我尝试围绕“？”进行更改标记但没有这样做。

Answer 1

改变

 Select * from user where username= '?' and password= '?' 

到

Select * from user where username= ? and password= ?

不用加'

更新：

并将inserter.executeQuery(query); 更改为inserter.executeQuery();

Answer 2

java.sql.SQLException: 参数索引超出范围 (1 > number of 参数，为0)

您收到此错误是因为您调用executeQuery(query) 而不是executeQuery()，因此它认为您的查询不需要任何参数，但您提供了多个导致此异常的参数，所以只需使用inserter.executeQuery()。

---

已经提到的第二个错误是您不需要在查询中使用引号它应该只是Select * from user where username= ? and password= ?

Answer 3

感谢帮助，这是固定的代码：

public User validateUser(String username, String password) {

    boolean found = false;
    Connection c = DBHelperClass.getConnection();
    String query = "Select * from user where username= ? and password= ? ";


    if (c != null) {
        try {
            PreparedStatement inserter = c.prepareStatement(query);
            inserter.setString(1, username);
            inserter.setString(2, password);
            System.out.println("help: "+query);
            ResultSet resultSet = inserter.executeQuery();
            while (resultSet.next()) {
                this.userId = resultSet.getInt("userId");
                this.username = resultSet.getString("username");
                this.password = resultSet.getString("password");
                this.address = resultSet.getString("address");
                this.email = resultSet.getString("email");
                this.phone = resultSet.getInt("phone");

                found = true;

            }
        } catch (SQLException ex) {
            Logger.getLogger(User.class.getName()).log(Level.SEVERE, null, ex);
        }

    }
    return this;
}

我需要改变的只是删除 '' around ?并将 executeQuery(query) 更改为 executeQuery()

谢谢一百万！

Answer 4

错误消息是说您的查询中的参数为零。这是因为您使用撇号转义了问号字符。 重写您的查询，不要在问号周围使用撇号。

String query = "Select * from user where username= ? and password= ?";