1

我是 Java 新手,正在做一个项目。我正在尝试使用 Netbeans 从 MS Access 检索数据。在我重新安装操作系统之前一切正常。现在我运行代码我得到这个错误。您的帮助和建议将不胜感激

java.sql.SQLException: No data found
    at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7138)
    at sun.jdbc.odbc.JdbcOdbc.SQLDriverConnect(JdbcOdbc.java:3073)
    at sun.jdbc.odbc.JdbcOdbcConnection.initialize(JdbcOdbcConnection.java:323)
    at sun.jdbc.odbc.JdbcOdbcDriver.connect(JdbcOdbcDriver.java:174)
    at java.sql.DriverManager.getConnection(DriverManager.java:582)
    at java.sql.DriverManager.getConnection(DriverManager.java:185)
    at connect.ConnectDB(connect.java:24)
    at StaffLogin.formWindowOpened(StaffLogin.java:125)
    at StaffLogin.access$000(StaffLogin.java:13)
    at StaffLogin$1.windowOpened(StaffLogin.java:47)
    at java.awt.Window.processWindowEvent(Window.java:1859)
    at javax.swing.JFrame.processWindowEvent(JFrame.java:279)
    at java.awt.Window.processEvent(Window.java:1820)
    at java.awt.Component.dispatchEventImpl(Component.java:4630)
    at java.awt.Container.dispatchEventImpl(Container.java:2099)
    at java.awt.Window.dispatchEventImpl(Window.java:2475)
    at java.awt.Component.dispatchEvent(Component.java:4460)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
    at  java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
    at  java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

这是代码,我也省略了“生成的代码”和“外观”。请让我知道是否需要这些。谢谢。

import java.sql.*;
import javax.swing.*;

public class StaffLogin extends javax.swing.JFrame {

Connection conn = null;
ResultSet rs = null;
PreparedStatement pst = null;

/**
 * Creates new form StaffLogin
 */
public StaffLogin() {
    initComponents();
}
   private void formWindowOpened(java.awt.event.WindowEvent evt)  {                                  
    // TODO add your handling code here:
    conn = connect.ConnectDB();
}                                 

private void cmdloginMouseClicked(java.awt.event.MouseEvent evt)  {                                      
    // TODO add your handling code here:
    conn = connect.ConnectDB();
   String u = txtusername.getText();
   String p = txtpassword.getText();

    String sql = "SELECT * FROM Staff_Table WHERE Firstname='" + u+"' and Password='"+ p+"'";
    try{
        pst = conn.prepareStatement(sql);
        rs = pst.executeQuery();
        if (rs.next()){
            JOptionPane.showMessageDialog(null,"Correct Password");
            Interface i = new Interface();
            i.setVisible(true);

        }
        else
            JOptionPane.showMessageDialog(null,"Invalid Username or Password");
    }
    catch(Exception e){
        JOptionPane.showMessageDialog(null, e);
    }
}                                     

/**
 * @param args the command line arguments
 */
public static void main(String args[]) {
java.awt.EventQueue.invokeLater(new Runnable() {

        public void run() {
            new StaffLogin().setVisible(true);
        }
    });
}
// Variables declaration - do not modify                     
private javax.swing.JButton cmdlogin;
private javax.swing.JLabel jLabel1;
private javax.swing.JLabel jLabel2;
private javax.swing.JPanel jPanel1;
private javax.swing.JPasswordField txtpassword;
private javax.swing.JTextField txtusername;
// End of variables declaration

}

4

3 回答 3

5

当您尝试多次读取列的值时,通常会发生这种情况。例如,这可能会抛出“No data found”:

ResultSet rs = statement.executeQuery(sql);
while (rs.next()) {
    if ("value1".equals(rs.getString("mycolumn")) || "value2".equals(rs.getString("mycolumn"))) {

这样它工作正常:

ResultSet rs = statement.executeQuery(sql);
while (rs.next()) {
    String value = rs.getString("mycolumn");
    if ("value1".equals(value) || "value2".equals(value)) {
于 2012-04-17T19:32:53.920 回答
2

这不是您问题的核心,但这条线

String sql = "SELECT * FROM Staff_Table WHERE Firstname='" + u+"' and Password='"+ p+"'";

是一个重大的安全漏洞。即使您正在“使用” PreparedStatements,因为您正在“文本”构建带有参数传递值的字符串,但您正在为 SQL 注入攻击做好准备。

而是做

String sql = "SELECT * FROM Staff_Table WHERE Firstname=? and Password=?"
try{
    pst = conn.prepareStatement(sql);
    pst.setString(1, u);
    pst.setString(2, p);
    rs = pst.executeQuery();
    if (rs.next()){
        JOptionPane.showMessageDialog(null,"Correct Password");
        Interface i = new Interface();
        i.setVisible(true);

    }
    else
        JOptionPane.showMessageDialog(null,"Invalid Username or Password");
}
catch(Exception e){
    JOptionPane.showMessageDialog(null, e);
}

这样,具有“Robert'; DROP TABLE Staff_Table; --”之类的名称或密码的用户将不会成为未来的噩梦。

如果您不明白为什么会出现此问题,请考虑上述“Robert...”用户存在的场景。

String u = "Robert'; DROP TABLE Staff_Table; --";
String p = "haha";
String sql = "SELECT * FROM Staff_Table WHERE Firstname='" + u+"' and Password='"+ p+"'";

变成

String sql = "SELECT * FROM Staff_Table WHERE Firstname='" 
  + "Robert'; DROP TABLE Staff_Table; --" 
  + "' and Password='"+ p+"'";

或者干脆

String sql = "SELECT * FROM Staff_Table WHERE Firstname='Robert'; DROP TABLE Staff_Table; --' and Password='haha';

它作为复合 SQL 语句执行,由三个 SQL 语句组成

SELECT * FROM Staff_Table WHERE Firstname='Robert';
DROP TABLE Staff_Table;
--' and Password='haha';

(注意最后一行是 SQL 注释,因为它以 开头--)。

于 2012-04-17T19:45:38.393 回答
0

我最好的猜测是其他人在您的旧机器上创建了 ODBC 数据源,而您还没有在新机器上创建它。

到这里:

控制面板 -> 系统和安全 -> 管理工具 -> 数据源 (ODBC)

于 2012-04-17T19:28:39.870 回答