please help error:::null pointer exception

Question

1.00/5 (1 vote)

See more:

code

if (ae.getSource() == bpaid)
{
int k;

rs = pst.executeQuery();
String status = tfees.getText();
System.out.println(status);

String ss = "update fees set feesstatus= " + status + " where fees.sid=" + roll + "";
k = st.executeUpdate(ss);
if (k>0)
{
System.out.println("Record Is Updated");
}

status is the fees status paid / unpaid.

Posted 1-Apr-15 18:13pm

Member 11520467

Updated 6-Apr-15 4:48am

Chris Maunder773.2K

v6

Add a Solution

Comments

Sergey Alexandrovich Kryukov 2-Apr-15 0:35am

In what line? Use the debugger...
—SA

Member 11520467 2-Apr-15 0:38am

am doing in command prompt using notepad.

Xiao Ling 2-Apr-15 2:37am

How could you see the null pointer exception? You probably can't even pass the code compilation.

Richard Deeming 2-Apr-15 7:58am

Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

George Jonsson · Answer 1 · 2015-04-01T19:00:00

Solution 1

Looks like you have an extra double quotation character at the end of this line.

Java

String ss = "update fees set feesstatus= " + status + " where fees.sid=" + roll + ";

change to

Java

String ss = "update fees set feesstatus= " + status + " where fees.sid=" + roll;

Note: Using spaces in your code is not bad practice, it makes it more readable and it is easier to find this kind of errors.
I re-formatted your code and saw the extra character in an instant.

Posted 1-Apr-15 19:00pm

George Jonsson

Updated 1-Apr-15 19:01pm

v2

Comments

Richard Deeming 2-Apr-15 7:59am

You have copied the SQL Injection[^] vulnerability from the question.

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

George Jonsson 2-Apr-15 9:31am

Well, that is correct, but sometimes you have to take it step by step. What I should have done is to point out that using string concatenation is a bad idea.
I would love to see your superior solution, but it seems to be missing.