How a JPA save() Call Silently Overwrote My Data (and How to Fix It)

By -

How a JPA save() Call Silently Overwrote My Data (and How to Fix It)



I recently encountered a subtle but dangerous issue in a Spring Boot + JPA application. There were no errors, no exceptions, and no failed transactions — yet a database column was silently overwritten with NULL.

If you are using Spring Data JPA and updating the same table from multiple endpoints, this is something you should be aware of.

The Simplified Scenario

We had two REST endpoints updating the same entity, but different fields. The code below is simplified and mangled for illustration.

Endpoint A – updates an external reference


EntityX entity = repository.findByKey(refId);

// update external reference
entity.setExternalRef("ABC123");

repository.save(entity);

Endpoint B – updates customer email


EntityX entity = repository.findByKey(refId);

// update email only
entity.setEmail("user@example.com");

repository.save(entity);

The assumption was that Endpoint B would only update the email field. Unfortunately, that assumption is incorrect.

The Problem: Silent Data Overwrite

What actually happened:

  • Endpoint A correctly saved externalRef
  • Endpoint B ran later
  • externalRef became NULL in the database
  • No error, no warning, no rollback

This behavior is extremely dangerous because it fails silently.

Why This Happens

In JPA, save(entity) does not perform a partial update. It persists the entire state of the entity instance.

If a field is null in memory, JPA assumes you want it to be NULL in the database.

This means JPA may generate SQL like: 


UPDATE entity_x
SET email = ?,
    external_ref = NULL
WHERE id = ?

Even if external_ref previously had a valid value.

When This Bug Typically Appears

  • Multiple endpoints update the same table
  • Each endpoint loads and saves the entity independently
  • No optimistic locking is used
  • Fields are nullable in the database

This is normal JPA behavior — not a race condition edge case.

How to Debug This Issue

1. Enable SQL logging


logging.level.org.hibernate.SQL=DEBUG
logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE

Check for unexpected column = NULL updates.

2. Log entity state before saving


log.debug("Saving entity: {}", entity);

You may be surprised which fields are null.

Correct Fixes (Recommended Order)

✅ Fix #1: Use Partial Update Queries (Best Practice)


@Modifying
@Query("""
  update EntityX e
  set e.email = :email
  where e.key = :refId
""")
void updateEmail(String refId, String email);

This avoids loading the entity and guarantees other fields remain untouched.

✅ Fix #2: Enable Optimistic Locking


@Version
private Long version;

This prevents stale updates and fails fast instead of corrupting data.

⚠️ Fix #3: Defensive Re-Setting (Not Ideal)

Manually restoring unchanged fields before saving is error-prone and not recommended for complex entities.

🛑 Fix #4: Database NOT NULL Constraints

This prevents corruption at the database level but causes runtime failures instead of fixing the root issue.

Key Takeaways

  • save() persists the entire entity state
  • JPA does not protect you from overwriting data
  • Silent data loss is worse than exceptions
  • Partial updates or optimistic locking are the correct solutions

If you ever hear “we are only updating one field, it’s safe” — double check the code.

JPA will do exactly what you told it to do, not what you meant.

❤️ Support This Blog

If this post helped you, you can support my writing with a small donation. Thank you for reading.

Coffee ☕ Thanks 🙏 Extra Support ❤️

Comments

Post a Comment

Popular posts from this blog

fixed: embedded-redis: Unable to run on macOS Sonoma

By -
Image
Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.lang.RuntimeException: Can't start redis server. Check logs for details. Redis process log: at redis.embedded.AbstractRedisInstance.awaitRedisServerReady(AbstractRedisInstance.java:70) at redis.embedded.AbstractRedisInstance.start(AbstractRedisInstance.java:42) at redis.embedded.RedisServer.start(RedisServer.java:9) Solution use the latest one: https://mv   ...
Read more

Copying MDC Context Map in Web Clients: A Comprehensive Guide

By -
Image
Introduction In distributed systems, maintaining context across microservices is crucial for effective logging and tracing. The Mapped Diagnostic Context (MDC) in logging frameworks like Logback or Log4j allows developers to propagate contextual information such as request IDs, user IDs, or correlation IDs across threads and services. When using web clients to make outgoing requests, it's essential to propagate the MDC context map to ensure consistency and traceability. This guide will provide   ...
Read more

Reset user password for your own Ghost blog

By -
Image
If you do not config mail up for your ghost blog, it maybe a big problem once you lost your user password. however, methods are always more than problems. We can fix it up by reset it. 1. Find out your database name in your ghost config, it is maybe in config.production.json   "database": {     "client": "mysql",     "connection": {       "host": "localhost",       "user": "ghost-452",       "password": "dade1b0565f2585e07c7",       "database": "ghost_production_acm" 2. Use mysql to reset the password. mysql -u root -p Enter the password for root account. mysql> use ghost_production_acm; mysql> select * from users; ghost use bcrypthash for the password. You can get bcrypt hash string from http://bcrypthashgenerator.apphb.com/ mysql>update users set password=' $2b$10$PaL8tKcU4i0CsjRrM6BhROVQMwwLFw2HSx/kWlAUgja23fNllc2Fy' where ...
Read more