starred/radzen-blazor
1
0
Fork 0
mirror of https://github.com/radzenhq/radzen-blazor.git synced 2026-02-04 05:35:44 +00:00
Code Issues 1.3k Packages Projects Releases 22 Wiki Activity

Unintended Database Write in Radzen Inline Edit due to Multi-Row Editing #1040

New Issue
Closed
opened 2026-01-29 17:48:10 +00:00 by claunia · 1 comment
claunia commented 2026-01-29 17:48:10 +00:00
Owner
Copy Link

Originally created by @Shinigami9000 on GitHub (Nov 21, 2023).

Describe the bug

The Radzen Inline Edit functionality currently allows users to edit rows without triggering the necessary save action. When editing one row (withouth implicitly saving) and subsequently clicking the edit button for another row, the system temporarily saves the first row's state, even though it is not explicitly saved by the user. Upon saving the second row, both the edited values of the first and second rows are written to the database, leading to unintended database writes. This behavior allows for a potential bypass of logic, as both values are sent to the database instead of only the intended row.

The issue was initially identified in our own blazor server project, and it can be fully reproduced using the inline edit example provided on the Radzen website.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'https://blazor.radzen.com/datagrid-inline-edit?theme=material'
  2. Click on 'Edit Source'
  3. Paste the following code RadzenBug- InlineEdit UpdateRecord eventhough no save.txt
    This is the same example code as the base inline edit with a removal of the add/remove methods since we only want to update records and not add or delete them.
  4. Click on 'Run' (It now should load the example from the example tab. incase it doesnt manually click on the 'Example' tab in the header)
  5. Modify the value in the first row (e.g., Ship Name) but intentionally refrain from clicking the 'Save' button.
  6. Without saving the changes in the first row, click the "Edit" button for a different row in the datagrid (e.g., the second row).
  7. Modify the value in the second row and proceed to click the 'Save' button.
  8. Observe that both the edited values from the first and second rows are written to the database, even though the changes in the first row were not explicitly saved.
  9. Rerun the code again without refreshing the page to observe that the first row that wasn't explicitly saved also persists in the database data, even though we didn't explicitly save it. (Note that refreshing the example page wont work since it would bring the code back to its original unedited state)

Note: The observed behavior in the example is consistent with our own application, which utilizes a MSSQL database.

Expected behavior
The expected behavior is that when editing a row using Radzen Inline Edit, changes made to a row should only be saved to the database if the user explicitly clicks the 'Save' button. In the described scenario, modifying the value in the first row should not result in the system saving those changes unless the user actively clicks 'Save' for that specific row. Subsequently editing another row and clicking 'Save' should only save changes for the edited row, not for any other rows that were previously edited but not explicitly saved. The behavior should align with the intended actions of the user, preventing unintended database writes for rows that were not explicitly confirmed for update.

Screenshots
Below, you will find the first four screenshots, each corresponding to the steps taken to reproduce the bug. Screenshots from point 5 till 8 depict the reproduction of the bug in our own application.

  1. Original state before editing.
    Original State

  2. Edit of the first row without implicitly saving it.
    Edited first row withouth save

  3. Edit of the second row and saving of the new value using the save button.
    Edited Second row with save

  4. New state after saving the second row.
    New State

  5. Upon rerunning the code, it becomes evident that the first row retains the edited value, despite not being explicitly saved. This persistent behavior is also consistently replicated in our own Blazor server application.

  6. Original state of bools
    OriginalStateApp

  7. Changing all bools except last to true withouth implicitly saving the first 5 rows.
    Editing but not saving

  8. New state after only saving the last row and reloading the data from our database
    New state after saving last row withouth change

Desktop (please complete the following information):

  • OS: [Windows]
  • Browser [Chrome, Safari, Edge]
  • Version Radzen example site [Latests]
  • Version Own project [Radzen 4.21.3]
Originally created by @Shinigami9000 on GitHub (Nov 21, 2023). <!-- IMPORTANT: Read this first!!! 1. If you own a Radzen Professional or Еnterprise subscription you can report your issue or ask us a question via email at info@radzen.com. Radzen staff will reply within 24 hours (Professional) or 16 hours (Enterprise) 2. The Radzen staff guarantees a response to issues in this repo only to paid subscribers. 3. If you have a HOW TO question start a new forum thread in the Radzen Community forum: https://forum.radzen.com. Radzen staff will close issues that are HOWTO questions. 4. Please adhere to the issue template. Specify all the steps required to reproduce the issue or link a project which reproduces it easily (without requiring extra steps such as restoring a database). --> **Describe the bug** The Radzen Inline Edit functionality currently allows users to edit rows without triggering the necessary save action. When editing one row (withouth implicitly saving) and subsequently clicking the edit button for another row, the system temporarily saves the first row's state, even though it is not explicitly saved by the user. Upon saving the second row, both the edited values of the first and second rows are written to the database, leading to unintended database writes. This behavior allows for a potential bypass of logic, as both values are sent to the database instead of only the intended row. The issue was initially identified in our own blazor server project, and it can be fully reproduced using the inline edit example provided on the Radzen website. **To Reproduce** Steps to reproduce the behavior: 1. Go to 'https://blazor.radzen.com/datagrid-inline-edit?theme=material' 2. Click on 'Edit Source' 3. Paste the following code [RadzenBug- InlineEdit UpdateRecord eventhough no save.txt](https://github.com/radzenhq/radzen-blazor/files/13425222/RadzenBug-.InlineEdit.UpdateRecord.eventhough.no.save.txt) This is the same example code as the base inline edit with a removal of the add/remove methods since we only want to update records and not add or delete them. 4. Click on 'Run' (It now should load the example from the example tab. incase it doesnt manually click on the 'Example' tab in the header) 5. Modify the value in the first row (e.g., Ship Name) but intentionally refrain from clicking the 'Save' button. 6. Without saving the changes in the first row, click the "Edit" button for a different row in the datagrid (e.g., the second row). 7. Modify the value in the second row and proceed to click the 'Save' button. 8. Observe that both the edited values from the first and second rows are written to the database, even though the changes in the first row were not explicitly saved. 9. Rerun the code again without refreshing the page to observe that the first row that wasn't explicitly saved also persists in the database data, even though we didn't explicitly save it. (Note that refreshing the example page wont work since it would bring the code back to its original unedited state) Note: The observed behavior in the example is consistent with our own application, which utilizes a MSSQL database. **Expected behavior** The expected behavior is that when editing a row using Radzen Inline Edit, changes made to a row should only be saved to the database if the user explicitly clicks the 'Save' button. In the described scenario, modifying the value in the first row should not result in the system saving those changes unless the user actively clicks 'Save' for that specific row. Subsequently editing another row and clicking 'Save' should only save changes for the edited row, not for any other rows that were previously edited but not explicitly saved. The behavior should align with the intended actions of the user, preventing unintended database writes for rows that were not explicitly confirmed for update. **Screenshots** Below, you will find the first four screenshots, each corresponding to the steps taken to reproduce the bug. Screenshots from point 5 till 8 depict the reproduction of the bug in our own application. 1. Original state before editing. ![Original State](https://github.com/radzenhq/radzen-blazor/assets/58690140/e7dd2523-2525-4310-ac0c-e4ec679c3f2a) 2. Edit of the first row without implicitly saving it. ![Edited first row withouth save](https://github.com/radzenhq/radzen-blazor/assets/58690140/0606daa3-8f15-4ea8-9c25-bc2e199fe0f0) 3. Edit of the second row and saving of the new value using the save button. ![Edited Second row with save](https://github.com/radzenhq/radzen-blazor/assets/58690140/291ea245-003f-493a-b83e-54b943a5550a) 4. New state after saving the second row. ![New State](https://github.com/radzenhq/radzen-blazor/assets/58690140/3425b052-d899-4c74-88c0-6f932e7a8bce) 5. Upon rerunning the code, it becomes evident that the first row retains the edited value, despite not being explicitly saved. This persistent behavior is also consistently replicated in our own Blazor server application. 6. Original state of bools ![OriginalStateApp](https://github.com/radzenhq/radzen-blazor/assets/58690140/d7f88c9d-3929-48a0-bf3f-5ad8aa5c7468) 7. Changing all bools except last to true withouth implicitly saving the first 5 rows. ![Editing but not saving](https://github.com/radzenhq/radzen-blazor/assets/58690140/390ca68c-d3af-49dd-83dd-54e5707246dc) 8. New state after only saving the last row and reloading the data from our database ![New state after saving last row withouth change](https://github.com/radzenhq/radzen-blazor/assets/58690140/4495c3ba-67dc-47c8-a3fb-630263a222f4) **Desktop (please complete the following information):** - OS: [Windows] - Browser [Chrome, Safari, Edge] - Version Radzen example site [Latests] - Version Own project [Radzen 4.21.3]
claunia commented 2026-01-29 17:48:10 +00:00
Author
Owner
Copy Link

@enchev commented on GitHub (Nov 21, 2023):

Hey @Shinigami9000,

This is just an example that can be adapted to your scenario in the way you need - not something part of the component itself.

@enchev commented on GitHub (Nov 21, 2023): Hey @Shinigami9000, This is just an example that can be adapted to your scenario in the way you need - not something part of the component itself.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
enhancement
good first issue
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/radzen-blazor#1040
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?