How to fill an object constructor by querying a DB in Java

Question

I am trying to make a UserInfo object constructor by querying a database and I keep getting the cannot find symbol error for the UserInfo thisUserInfo = new UserInfo() part. I am trying to take the ResultSet rs and fill in the constructor to make a "session" for a user who logs in.

What am I doing wrong here? Here is my code:

private UserInfo getUserInfo(HttpServletRequest request, HttpServletResponse response) throws SQLException {
    String userName = request.getParameter("userName");
    String nullString = null;
    char nullChar = ' ';

    ResultSet rs = null;

    stmt = conn.createStatement();
    String getInfoSQL = "SELECT * FROM " + studentsTable + " WHERE USERNAME = '" + userName + "'";
    rs = stmt.executeQuery(getInfoSQL);
    if(rs.next()) {
        UserInfo thisUserInfo = new UserInfo(rs.getString(userName), rs.getString(passWord), rs.getString(lastName), rs.getString(firstName), rs.getString(age), rs.getString(sex), rs.getString(email));
        rs.close();
        stmt.close();
    } else {
        UserInfo thisUserInfo = new UserInfo(nullString, nullString, nullString, nullString, nullString, nullChar, nullString);
        rs.close();
        stmt.close();
    }
    return thisUserInfo;
}

Here is my UserInfo class:

public class UserInfo {
private final String userName;
private final String passWord;
private final String lastName;
private final String firstName;
private final String age;
private final char sex;
private final String email;

public UserInfo(String userName, String passWord, String lastName, String firstName, String age, char sex, String email) {
    this.userName = userName;
    this.passWord = passWord;
    this.lastName = lastName;
    this.firstName = firstName;
    this.age = age;
    this.sex = sex;
    this.email = email;
}

public String getUserName() {
    return this.userName;
}
public String getPassWord() {
    return this.passWord;                
}
public String getLastName() {
    return this.lastName;
}
public String getFirstName() {
    return this.firstName;
}
public String getAge() {
    return this.age;    
}
public char getSex() {
    return this.sex;
}
public String getEmail() {
    return this.email;
}

}

Answer 1

I'm not 100% about everything, but this looks wrong to me...

if(rs.next()) {
    // UserInfo is declared within a local context
    UserInfo thisUserInfo = new UserInfo(rs.getString(userName), rs.getString(passWord), rs.getString(lastName), rs.getString(firstName), rs.getString(age), rs.getString(sex), rs.getString(email));
    rs.close();
    stmt.close();
} else {
    // UserInfo is declared within a local context
    UserInfo thisUserInfo = new UserInfo(nullString, nullString, nullString, nullString, nullString, nullChar, nullString);
    rs.close();
    stmt.close();
}
// thisUserInfo does not exist
return thisUserInfo;

It should be more like...

UserInfo thisUserInfo = null;
if(rs.next()) {
    thisUserInfo = new UserInfo(rs.getString(userName), rs.getString(passWord), rs.getString(lastName), rs.getString(firstName), rs.getString(age), rs.getString(sex), rs.getString(email));
    rs.close();
    stmt.close();
} else {
    thisUserInfo = new UserInfo(nullString, nullString, nullString, nullString, nullString, nullChar, nullString);
    rs.close();
    stmt.close();
}
return thisUserInfo;

Mind you, I would personally do it more like....

try {
    stmt = conn.createStatement();
    String getInfoSQL = "SELECT * FROM " + studentsTable + " WHERE USERNAME = '" + userName + "'";
    rs = stmt.executeQuery(getInfoSQL);
    UserInfo thisUserInfo = null;
    if(rs.next()) {
        thisUserInfo = new UserInfo(rs.getString(userName), rs.getString(passWord), rs.getString(lastName), rs.getString(firstName), rs.getString(age), rs.getString(sex), rs.getString(email));
    } else {
        thisUserInfo = new UserInfo(nullString, nullString, nullString, nullString, nullString, nullChar, nullString);
    }
} finally {
    try {
        rs.close();
    } catch (Exception exp) {
    }
    try {
        rs.close();
    } catch (Exception exp) {
        stmt.close();
    }
}
return thisUserInfo;

As has (now) been pointed out...UserInfo expects a char for the sex parameter but you are passing it a String

You should try extract the value from the database using something like String sexValue = rs.getString(sex) and if it's not null, use sexValue.getCharAt(0).

I also have no idea where userName, passWord, lastName, firstName, age, sex and email are defined. This concerns me a little...

Answer 2

You need to post the code for your UserInfo class for starters. I would bet though that you don't have a constructor defined that takes those parameters.

Edit You're trying to implicitly convert from a String to a char which I suspect you can't do. Instead of rs.getString(sex) try rs.getChar(sex). Alternatively you could add an additional constructor that accepts a String for the sex parameter.

Edit Oh, I see the issue now. You've never defined any of the other variables, like passWord etc. Those need to be Strings for the column names or ints for the column indexes.

Also, this is unrelated, but never pass unsanitized input in a query like that. You're opening yourself up for SQL Injection. You should use prepared statements instead or make sure you escape the input at the very least.