"UPDATE table_name SET w = $1, x = $2, z = $4 WHERE y = $3 RETURNING *",
does not do the same as
"UPDATE table_name SET w = $1, x = $2, y = $3, z = $4 RETURNING *",
It’s 2 am and my mind blanked out the WHERE, and I just wanted the numbers neatly in order of 1234.
idiot.
FML.
Postgres has a useful extension, pg_safeupdate
https://github.com/eradman/pg-safeupdate
It helps reduce these possibilities by requiring a where clause for updates or deletes.
I guess if you get into a habit of adding
where 1=1
to the end of your SQL, it kind of defeats the purpose.
MySQL (and by extension, MariaDB) has an even better option:
mysql --i-am-a-dummy
Amazing! These are going in my.conf ASAP.
Transactions help more, IMO. The 1=1 becomes a real habit.
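
The transaction approach mentioned in the last comment, as an added example that is not part of the thread: the UPDATE runs inside an explicit transaction and is committed only if the affected row count is within what the caller expected. Assumptions: an in-memory SQLite database stands in for Postgres, `?N` placeholders stand in for `$N`, `RETURNING *` is dropped, the sample rows are constructed, and `guarded_update`, `make_demo_db` and `snapshot` are hypothetical helper names.

```python
import sqlite3

# The two statements from the post. SQLite's ?N stands in for PostgreSQL's $N,
# and RETURNING * is dropped (assumption: the row count is enough for the check).
INTENDED = "UPDATE table_name SET w = ?1, x = ?2, z = ?4 WHERE y = ?3"
MISTAKE = "UPDATE table_name SET w = ?1, x = ?2, y = ?3, z = ?4"


class TooManyRows(Exception):
    """Raised when an UPDATE touches more rows than the caller expected."""


def make_demo_db():
    # Constructed sample data: three rows with distinct y values.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.execute("CREATE TABLE table_name (w TEXT, x TEXT, y INTEGER, z TEXT)")
    conn.executemany(
        "INSERT INTO table_name VALUES (?, ?, ?, ?)",
        [("a", "b", 1, "c"), ("d", "e", 2, "f"), ("g", "h", 3, "i")],
    )
    return conn


def guarded_update(conn, sql, params, max_rows=1):
    """Hypothetical helper: commit only if at most max_rows rows were changed."""
    conn.execute("BEGIN")
    try:
        changed = conn.execute(sql, params).rowcount
        if changed > max_rows:
            raise TooManyRows(f"{changed} rows changed, expected <= {max_rows}")
        conn.execute("COMMIT")
        return changed
    except Exception:
        conn.execute("ROLLBACK")  # nothing from this statement is kept
        raise


def snapshot(conn):
    return conn.execute("SELECT w, x, y, z FROM table_name ORDER BY rowid").fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    print(guarded_update(db, INTENDED, ("W", "X", 2, "Z")))
    try:
        guarded_update(db, MISTAKE, ("W", "X", 2, "Z"))
    except TooManyRows as exc:
        print("rolled back:", exc)
    print(snapshot(db))
```
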