Modifying and destroying data are the most dangerous operations in an API. They must be handled with precision and safety.
1The Complexity of Updates
Updating a record is logically the most complex of the four CRUD operations because it requires the intersection of two data streams. You must extract the Target ID from the URL (req.params) to locate the specific record in the database. Simultaneously, you must extract the Payload from the request body (req.body) to know what new data to apply. If you mix these up, you might accidentally overwrite the wrong user's profile.
async function execute() {
// See concept above
}
2Coding PATCH vs PUT
In a previous module, we learned that PUT is a full replacement and PATCH is a partial update. In your Express code, this translates directly to how you configure your ORM. If your route is a PUT, you must write logic to overwrite every single field in the database, setting missing fields to null. If your route is a PATCH, you simply pass req.body directly to the ORM, allowing it to dynamically update only the specific fields provided by the client.
async function execute() {
// See concept above
}
3The Soft Delete Architecture
Data is the most valuable asset a company has. You never truly delete it. If a user deletes their account, executing a raw SQL DELETE command destroys the relational integrity of the database. All of their past orders, comments, and analytics become 'orphaned', causing the app to crash when it tries to load them. Instead, a 'DELETE' route in Express should actually execute an ORM update() command, flipping a boolean column called isDeleted or isActive. Your GET routes are then modified to filter out any users where isDeleted is true.
async function execute() {
// See concept above
}
