Better handling of server-side errors (example Unique Index violation)


When a unique index is being violated the message that is being raised looks like:

"Cannot insert duplicate key row in object 'dbo.OSUSR_V98_ROOM' with unique index 'OSIDX_OSUSR_V98_ROOM_10ROOMNUMBER'. The duplicate key value is (101). The statement has been terminated."

What is the best practice to handle this? 

I could for example check the error message for "%unique index%" or'%duplicate key%', and then raise my message: "The Room with this number already exists". But this only works when there is just one unique index. Therefore I would rather show the message that corresponds to the specific unique index that is being violated.

Unfortunately the name of the Unique Index is not available in the error-message, so I am not able to make an error handling process to determine the message for the specific unique index.

Wouldn't it be great if the name of the unique index was part of the error message?

Created on 15 Nov 2019
Comments (3)

These errors come from the database; if you want better errors, you choices are:

1. Write CRUD wrappers that perform validation and message the way *you* want to.

2. Talk to Microsoft or Oracle about their messages.

Also keep in mind, many of us DON'T want the index name in the error message, because we don't want to provide an attacker with any details of the database, or because that's not helpful or friendly information to provide an end user.

So... best practice... write the CRUD wrapper... which is best practice *anyways*.


Hi Justin,

Thank you for pointing out the best practice of using CRUD wrappers.


Changed the category to Database