The Issue:
In src/provider/supabaseProvider.jsx, the insertData function uses a composite key for upsert operations (e.g., ["user_id", "university", "degree"] for the education table).
The Bug:
If a user fixes a typo in the "university" or "degree" field, the upsert logic will fail to find a match for the old version containing the typo. Consequently, Supabase will insert a brand-new record rather than updating the existing one.
Summary & Fix:
This leads to database "bloat" where a single user may end up with multiple redundant education records. The project should be updated to use a unique primary id field for updates instead of relying on content-based keys.
Vulnerable Code Snippet:
// src/provider/supabaseProvider.jsx
const insertData = async (table, data, multiple = false, conflictKeys = []) => {
try {
const payload = multiple ? data : [data];
const { data: res, error } = await supabase
.from(table)
.upsert(payload, {
onConflict: conflictKeys, // BUG: Using content keys causes duplicates on edit
ignoreDuplicates: false,
})
.select("id");
// ...
The Issue:
In
src/provider/supabaseProvider.jsx, theinsertDatafunction uses a composite key for upsert operations(e.g., ["user_id", "university", "degree"]for the education table).The Bug:
If a user fixes a typo in the "university" or "degree" field, the upsert logic will fail to find a match for the old version containing the typo. Consequently, Supabase will insert a brand-new record rather than updating the existing one.
Summary & Fix:
This leads to database "bloat" where a single user may end up with multiple redundant education records. The project should be updated to use a unique primary id field for updates instead of relying on content-based keys.
Vulnerable Code Snippet: