I accidentally removed the WHERE clause from my SQL query in a personal tool. Every row is now the same. I overwrote 206,000+ rows. I have no backup, I am stupid.
"UPDATE table_name SET w = $1, x = $2, z = $4 WHERE y = $3 RETURNING *",
does not do the same as
"UPDATE table_name SET w = $1, x = $2, y = $3, z = $4 RETURNING *",
It's 2 am and my mind blanked out the WHERE, and just wanted the numbers neatly in order of 1234.
idiot.
FML.
You are viewing a single comment
All (doesn't seem like MsSQL supports it, I thought that's a pretty basic feature) databases have special configuration that warn or throw error when you try to
UPDATE
orDELETE
withoutWHERE
. Use it.I tried to find this setting for postgres and Ms SQLserver, the two databases I interact with. I wasn't able to find any settings to that effect, do you happen to know them?
It's supported in MySQL and MariaDB out of box:
https://dev.mysql.com/doc/refman/8.0/en/mysql-command-options.html#option_mysql_safe-updates
In Postgres there is an extension for it:
https://supabase.com/docs/guides/database/extensions/pg-safeupdate
It's not really a SQL Language feature, more an IDE feature. So to tell you where the settings are, we'd have to know which IDE you're using.
For example, in DataGrip (which I think you can use both for postgres and MSSQL), there's "Show warning before running potentially unsafe queries"
That would be SQL management studio and psql on the command line.
The best I could find was some plugins for SQL management studio (ssmsboost) and disable automatic commits for psql.
I didn't mean this as IDE thing, there is an extension to postgres and server configuration for mysql/mardiadb. Posted the links above
Well, the link you've posted is specifically for MySQL CLI Client - Maybe I should have I said "Client" instead of "IDE" - but if he uses a different IDE/Client besides MySQL-CLI it's probably a different setting