简体繁体 English

从数据库中获取数据而完整性受损

[英]Fetching data from database with integrity broken

原文 2012-02-08 13:43:46 4 3 c#/ mysql/ database/ sql-server-2008

Should application expect the unexpected when fetching data from database? 从数据库中获取数据时，应用程序是否应该期望意外？ Lets say that we have stored an enumeration value in a column (int or text). 假设我们已经在列（int或text）中存储了枚举值。 When we return values from database, we cast the value to enumeration type. 当我们从数据库返回值时，我们将该值转换为枚举类型。 What if someone has altered data in database manually, and broke data integrity, so our cast is failing? 如果有人手动更改了数据库中的数据并破坏了数据完整性，那么我们的演员表失败了怎么办？

Another example would be when a data type in c# is of less range that equivalent field in database. 另一个示例是c＃中的数据类型的范围小于数据库中的等效字段的范围。 If anyone puts value in this value manually, lets say to database max value, then application would throw out of range exception. 如果有人手动将值放入此值中，比如说数据库最大值，那么应用程序将抛出范围外异常。

Should we and how handle this exceptions? 我们应该以及如何处理这种例外？

Edit: Since most of the answers are similar, I am going to rephrase the question. 编辑：由于大多数答案是相似的，我将重新表述这个问题。 It is implied that there is exception logging in the application. 暗示应用程序中存在异常日志记录。 The problem is: when user queries for some data, and the data is corrupted (not from application CRUD operations, but outside), data conversion from database to model will fail, and user will get no data at all. 问题是：当用户查询某些数据且数据已损坏（不是来自应用程序CRUD操作，而是来自外部）时，从数据库到模型的数据转换将失败，并且用户将一无所获。 Is it acceptable to have such a state in application, since the application itself didnt cause it? 由于应用程序本身没有导致这种状态，因此在应用程序中具有这种状态是否可以接受？

Validating data would create a big slowdown on data fetching. 验证数据会大大降低数据获取速度。 Imagine that you need to check each decimal value if its out of range? 假设您需要检查每个十进制值是否超出范围？

3 个解决方案

It depends, is that usually possible to happen? 这取决于通常是否可能发生？

In my case, what I do is to things: 就我而言，我要做的是做事：

Log everything the executable does (it can be usefull for that case to identify where it failled) 记录可执行文件所做的一切（在这种情况下，确定可执行文件失败的位置可能很有用）
When running it with a batch file, check the exit status, if it's not 0 (a error occured), send an email for me! 使用批处理文件运行它时，请检查退出状态，如果它不是0（发生错误），请给我发送电子邮件！

With this, I know if something happened and I can prove that it wasn't my fault. 有了这个，我知道是否发生了什么，我可以证明那不是我的错。

Regarding your update, I just can say it depends! 关于您的更新，我只能说这取决于！

In my case, I build projects regarding functional data provided. 就我而言，我将构建有关提供的功能数据的项目。 And in all projects we have a set of requirements that the client needs to aprove (one might be the data from a table beeing in a certain way). 并且在所有项目中，我们都有一组客户需要证明的要求（一个要求可能是以某种方式来自表中的数据）。

The client accepts the requirements and voilá! 客户接受要求并遵守要求！ So, if something is alter it's not our fault and we are secured because the client accepts the requirements. 因此，如果事情有所改变，这不是我们的错，并且因为客户接受要求，我们得到了保障。

Since you've got fallible human beings mucking about with your database at a low level, then you should definitely perform such checks. 由于您很容易犯错，因此人们很容易迷惑您的数据库，因此您绝对应该执行此类检查。 The reason is that debugging is extremely expensive, and so when one of these errors does happen (as it inevitably will), as a defensive measure you should catch such errors as early as possible, rather than letting them propagate into your program and causing subtler, harder-to-find bugs elsewhere. 原因是调试非常昂贵，因此当其中一种错误确实发生时（不可避免地会发生），作为一种防御措施，您应该尽早捕获此类错误，而不是让它们传播到程序中并引起更微妙的变化。，其他地方难以发现的错误。

If it were "provably impossible" for a weird value to get into your database, one might argue that such a check is unnecessary. 如果一个怪异的值“不可能”进入您的数据库，则可能会认为这样的检查是不必要的。 You could for example put a column constraint on your database columns. 例如，您可以在数据库列上放置列约束。 Even in that case, one might keep the code checks around anyway as a defensive measure, unless you can argue that such checks degrade the performance of your system (which they likely do not). 即使在那种情况下，也可能会将代码检查作为防御措施，不管怎样，除非您可以说这样的检查会降低系统的性能（他们可能不会这样做）。

I always took it to be standard practice to place any database interaction code in the datalayer with in try...catch blocks so that you can handle situations such as this in a civilised manner. 我一直认为将所有数据库交互代码放在try...catch块中作为数据仓库的标准做法，以便您能够以文明的方式处理此类情况。

I don't check for every eventuality, but being able to log exceptions will prove useful when supporting your code in the long run. 我不会检查所有可能的情况，但是从长远来看，能够记录异常对于证明您的代码很有用。

In the case of a live system it's always good to have such information especially when you can accuse a customer of fiddling with things that they shouldn't have. 对于实时系统，拥有这样的信息总是很好的，特别是当您可以指责客户摆弄他们不应该拥有的东西时。

edit 编辑

As I said you can't check for every eventuality, but you can trap exceptions caused by situations such as casting a value to an enum that doesn't exist. 正如我说的那样，您不能检查所有的偶发事件，但可以捕获由诸如将值强制转换为不存在的枚举之类的情况引起的异常。

It isn't really possible to check for values that are out of range, other than the extreme eg a field unexpectedly comes back as DBNull or fails convertion from database datatype to model data type. 除了极端情况外，实际上不可能检查超出范围的值，例如，字段意外地返回为DBNull或从数据库数据类型转换为模型数据类型失败。 In such a case handling the error and presenting the user with an error message or "VALUE UNKNOWN" type indicator should be okay. 在这种情况下，处理错误并向用户显示错误消息或“ VALUE UNKNOWN”类型指示符应该可以。

The problem here is that you have a user who is changing data without using your application. 这里的问题是您有一个无需使用应用程序即可更改数据的用户。

You may already be implementing IDataErrorInfo in your data model, specifically to validate user input, if not look here for an example, or maybe something similar. 您可能已经在数据模型中实现了IDataErrorInfo ，专门用于验证用户输入（如果不在此处查看示例或类似内容）。

But you can't really cope with 'corrupted' data being a valid value ie if your enum field was changed to one that was correct value wise but incorrect logically you wouldn't know until you came to use it that it was wrong. 但是，您无法真正应对“损坏的”数据为有效值，即，如果将枚举字段更改为按值正确但逻辑上不正确的字段，直到使用它，您才知道它是错误的。

A pragmatic approach has to be taken as you rightly said validation of thousands or even just hundreds of values being retrieved from the database would have an unexceptable hit on performance. 正如您正确地说的那样，必须采取务实的方法，对从数据库中检索的数千个甚至数百个值进行验证将对性能产生异常的影响。

But saying "There's been an error, please contact your system administrator" or something similar is perfectly acceptable in my view. 但是说“出现错误，请与您的系统管理员联系”或类似的说法在我看来是完全可以接受的。