"UPDATE table_name SET w = $1, x = $2, z = $4 WHERE y = $3 RETURNING *",
does not do the same as
"UPDATE table_name SET w = $1, x = $2, y = $3, z = $4 RETURNING *",
It’s 2 am and my mind blanked out the WHERE, and just wanted the numbers neatly in order of 1234.
idiot.
FML.
This is a hard lesson to learn. From now on, my guess is you will have dozens of backups.
And a development environment. And not touch production without running the exact code at least once and being well slept.
Fuck that, get shit housed and still do it right. That’s a pro.
That’s not pro, that’s just reckless gambling.
Totally right! You must set yourself up so a fool can run in prod and produce the expected result. Which is the purpose of a test env.
Replied hastily, but the way to run db statements in prod while dealing with sleep deprivation and drinking too much is to run it a bunch in several test env scenarios so you’re just copy pasting to prod and it CAN confidently be done. Also enable transactions and determine several, valid smoke tests.
Edit: a -> several
And always use a transaction so you’re required to commit to make it permanent. See an unexpected result? Rollback.
Transactions aren’t backups. You can just as easily commit before fully realizing it. Backups, backups, backups.
Yes, but
- Begin transaction
- Update table set x=‘oopsie’
- Sees 42096 rows affected
- Rollback
Can prevent a restore, whereas doing the update with auto commit guarantees a restore on (mostly) every error you make
Can prevent a restore, whereas doing the update with auto commit guarantees a restore on (mostly) every error you make
Exactly. Restores often result in system downtime and may take hours and involve lots of people. The backup might not have the latest data either, and restoring to a single table you screwed up may not be feasible or come with risk of inconsistent data being loaded. Even if you just created the backup before your statement, what about the transaction coming in while you’re working and after you realize your error? Can you restore without impacting those?
You want to avoid all of that if possible. If you’re mucking with data that you’ll have to restore if you mess up, production or not, you should be working with an open transaction. As you said… if you see an unexpected number of rows updated, easy to rollback. And you can run queries after you’ve modified the data to confirm your table contains data as you expect now. Something surprising… rollback and re-think what you’re doing. Better to never touch a backup and not shoot yourself in the foot and your data in the face all due to a stupid, easily preventable mistake.
Backups are for emergencies.
Transactions are for oopsies.
I’ve read something like “there are two kinds of people: those who backup and those who are about to”
This doesn’t help you but may help others. I always run my updates and deletes as selects first, validate the results are what I want including their number and then change the select to delete, update, whatever
I learned this one very early on in my career as a physical security engineer working with access control databases. You only do it to one customer ever. 🤷♂️
Pro tip: transactions are your friend
Completely agree, transactions are amazing for this kind of thing. In a previous team we also had a policy of always pairing if you need to do any db surgery in prod so you have a second pair of eyes + rubber duck to explain what you’re doing.
Postgres has a useful extension, pg_safeupdate
https://github.com/eradman/pg-safeupdate
It helps reduce these possibilities by requiring a where clause for updates or deletes.
I guess if you get into a habit of addingwhere 1=1
to the end of your SQL, it kind of defeats the purpose.MySQL (and by extension, MariaDB) has an even better option:
mysql --i-am-a-dummy
Amazing! These are going in my.conf ASAP.
You’re not the first. You won’t be the last. I’m just glad my DB of choice uses transactions by default, so I can see “rows updated: 3,258,123” and back the fuck out of it.
I genuinely believe that UPDATE and DELETE without a WHERE clause should be considered a syntax error. If you want to do all rows for some reason, it should have been something like UPDATE table SET field=value ALL.
You all run queries against production from your local? Insanity.
Everyone has a production system. Some may even have a separate testing environment!
The distinctions get blurry if you’re the sole user.
There is still the journal you could use to recover the old state of your database. I assume you commited after your update query, thus you would need to copy first the journal, remove the updates from it, and reconstruct the db from the altered journal.
This might be harder than what I’m saying and heavily depends on which db you used, but if it was a transactional one it has to have a journal (not sure about nosql ones).
this folks, is why you don’t raw dog sql like some caveman
But the adrenaline man… some of us are jonkies of adrenaline but we are too afraid of anything more of physically dangerous…
You may be interested in suicide linux then. it’s a distro that wipes your entire hard drive if you mistype a command
Yep. If you’re in a situation where you have to write SQL on the fly in prod, you have already failed.
Me doing it for multiple years in a Bank…Uhm…
(let’s just say I am not outting my money near them… and not just because of that but other things…)
Tell that to my former employer…
Yeah, I swear it’s part of the culture at some places. At my first full-time job, my boss dropped the production database the week before I started. They lost at least a day of records because of it and he spent most of the first day telling me why writing sql in prod was bad.
it’s time to commit sqlpukku
who thought it was a good idea to make the where condition in SQL syntax only correct after the set?? disaster waiting to happen
The people designing SQL, not having learned from the mistakes of COBOL, thought that having the syntax as close to English as possible will make it more readable.
All databases have special configuration that warn or throw error when you try to
UPDATE
orDELETE
withoutWHERE
. Use it.WHO, WHAT,
WHERE, WHEN, WHY, HOWI watched someone make this mistake during a screen share, she hit execute and I screamed “wait! You forgot the where!” Fortunately, it was such a huge database that SQL spun for a moment I guess deciding how it was going to do it before actually doing it, she was able to cancel it and ran a couple checks to confirm it hadn’t actually changed anything yet. I don’t think anything computer related has ever gotten my adrenaline going like that before or since
you could use dbeaver that warns you for update and delete queries without a where clause, independently of the db system. I hope the functionality it’s still there since, for totally unrelated motivations, I always use a where clause, even when buying groceries.
Unrelated, but use placeholders instead of interpolation right into the query.
See: Little Bobby Tables. https://xkcd.com/327/
That’s what they’re doing…
If true, great. I’ve not run across a language / RDBMs library that uses numbered place holders over the standard
?
, but I’m sure someone’s done it.
Depending on the database used, the data might still be there, just really hard to recover (as in, its presence is a side-effect, not the intent).
https://stackoverflow.com/a/12472582 takes a look at Postgres case, for example.