"UPDATE table_name SET w = $1, x = $2, z = $4 WHERE y = $3 RETURNING *",

does not do the same as

"UPDATE table_name SET w = $1, x = $2, y = $3, z = $4 RETURNING *",

It’s 2 am and my mind blanked out the WHERE, and just wanted the numbers neatly in order of 1234.

idiot.

FML.

  • @towerful
    549 months ago

    Postgres has a useful extension, pg_safeupdate

    https://github.com/eradman/pg-safeupdate

    It helps reduce these possibilities by requiring a where clause for updates or deletes.
    I guess if you get into a habit of adding where 1=1 to the end of your SQL, it kind of defeats the purpose.