@@IDENTITY can be hijacked via triggers; replaced with SCOPE_IDENTITY(). #201

Closed
wants to merge 1 commit into from

1 participant

@hrudham

Long story short, I was using massive on a development database where a co-worker has set up an audit table via triggers (don't ask). Inserting data resulted in the ID for the audit record coming back, instead of the ID of the item I was attempting to insert.

Phil Haack gives a very clear description of the issue here: http://haacked.com/archive/2005/04/11/beware-of-@@identity-theft-in-sql-server.aspx

The solution is moderately simple: switch out @@IDENTITY for SCOPE_IDENTITY(). Unfortunately this means that I had to stay within the query scope, which resulted in some string concatenation with the INSERT query instead of running a second query, which I'm not 100% comfortable with (hence why I'm glad someone has to read this before accepting the pull request). It does work however.

@hrudham hrudham closed this Sep 26, 2013
@hrudham

Missed this: #185

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment