Chapter 25: CRUD: Update in Dart
Update rows by primary key. In this chapter, you will learn crud: update in depth with Dart code examples, explanations, and best practices.
Overview
This chapter covers crud: update for Kungfu.js developers using Dart. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.
Why This Matters
Understanding crud: update is essential because it is a core part of building web applications. Every real-world app needs to handle update rows by primary key. Skipping this chapter would leave a gap in your knowledge that would cause problems later.
Code Example
Here is how to work with databases in Dart:
// Update by primary key
let affected = User::update_by_pk(&db, 1, vec![
("email", json!("new@email.com")),
("status", json!("inactive")),
]).await?;
How the ORM Works
The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.
For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.
Common Mistakes
- Not reading the documentation: Always check the API reference when something does not work as expected.
- Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
- Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.
Summary
In this chapter, you learned about crud: update in Dart. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.
What is Next?
In chapter 26, we will cover CRUD: Delete: Delete rows safely.