My program is used to perform a salami attack on the database

Whenever i run the program the compiler display the following message
Invalid Cursor state on line 29

import java.sql.*;
//import java.io.*;

class SalamiAttack
{
	String ssql1,ssql2,usql,temp="",buffer="";
	Connection conn;
	Statement st;
	ResultSet rs1;
	int index=0;
	float tempfraud,fraud,zigacc=0;
	SalamiAttack()
	{
		ssql1 = "select * from empacc where name not in('ziggler')";
		ssql2 = "select * from empacc where name='ziggler'";
		dbConnect();
		try
		{
			rs1 = st.executeQuery(ssql1);
			while(rs1.next())
			{
				buffer = rs1.getString("balance");
				//balance = Float.parseFloat(buffer);
				attack(buffer);
				//System.out.println(buffer);
			}
			rs1 = st.executeQuery(ssql2);
			//buffer="";
			buffer = rs1.getString("balance");
			zigacc = Float.parseFloat(buffer);
			fraud = fraud + zigacc;
			String strfraud = Float.toString(fraud);
			usql = "update table empacc set balance='" +strfraud+ "' ";
			st.execute(usql);
		}catch(Exception e){e.printStackTrace();}
	}
	void dbConnect()
	{
		try
		{
			Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
			conn = DriverManager.getConnection("jdbc:odbc:salami");
			st = conn.createStatement();
		}catch(Exception e){e.printStackTrace();}
	}
	void attack(String buff)
	{
		try
		{
			index = buff.indexOf(".");
			temp = buff.substring(index+3,buff.length()-1);
			temp = "0.000"+temp;
			tempfraud = Float.parseFloat(temp);
			fraud = fraud + tempfraud;
		}catch(Exception e){e.printStackTrace();}
		//System.out.println(fraud);
	}
}
class SalamiAttackMain
{
	public static void main(String args[])
	{
		SalamiAttack sa = new SalamiAttack();
	}
}

After you call the second query, do you check if there were any rows returned before calling the rs.getString ?

// Maybe you should do this:
rs1.close();

rs1 = st.executeQuery(ssql2);

// And this:
if (rs1.next()) {
  buffer = rs1.getString("balance");

}

You also don't close the rs, the st and the conn inside a finally block and the dbConnect, should throw the Exception. If there is one you catch it, do nothing and then continue even though the connection failed.

This article has been dead for over six months. Start a new discussion instead.