Finally, I found that prevent updating all records when I forget with a primary ID in GORM.
Sometimes, we forget primary ID for updating a record in a query. This query will occur the problem that all records in the table will be updated because the query does not specify a primary ID.
A query below will update one record with a company ID.
var db *gorm.DB
db, err = gorm.Open("mysql")
company := &Company{
Model: gorm.Model{ID: companyID},
Name: request.Name,
}
_, err := db.Model(&company).Update(company)
if err != nil {
...
}
This query works well wholly.
In contrast, the blow query without a primary ID will update all records.
var db *gorm.DB
db, err = gorm.Open("mysql")
company := &Company{
Name: request.Name,
}
_, err := db.Model(&company).Update(company)
if err != nil {
...
}
If this code is deployed to production service with no test, I don't want to imagine that it will do to our database.
So we can prevent this behavior with func (*DB) BlockGlobalUpdate.
var db *gorm.DB
db, err = gorm.Open("mysql")
db.BlockGlobalUpdate(true)
...
Again, the same query with not primary ID.
company := &Company{
Name: request.Name,
}
_, err := db.Model(&company).Update(company)
If we forget primary ID like that, we will get an error from GORM like below.
2020-08-03T07:45:14.011Z ERROR logger/logger.go:58 missing WHERE clause while updating
BlockGlobalUpdate()
can prevent updating all records in a table.
Wrapping up, we should use BlockGlobalUpdate()
when we create a gorm DB instance. Otherwise, someday your query could destroy your user's data entirely.
Top comments (0)