user_save() may overwrite random user data

- You have some index changes included in the patch? Are these intended to be here?

- How expensive can user_save() get? I mean, why don't we do the usual "SELECT, if not found INSERT" approach? I fully understand the additional SELECT adds a bit of an overhead, but we have the uid indexed already, so it shoud be "pretty quick" (oh, that always sounds dangerous to say :) Anyway, I'd rather see a proper SQL error-ess recovery, then realizing that "oh, we had an SQL error, so although it was already displayed/logged, let's quickly retract now". IMHO we should prevent the SQL error.

this could be said for many queries like nodes, comments, etc. i am not so sure this is a good move. anyway, it seems that this ought to be done in drupal_write_record since thats the master insert of them all.

I don't think this invalidates moshe's suggestion. drupal_write_record uses the schema to do the writing. If special checking / error reporting is needed whenever unique keys are involved, it probably belongs there.

user_save() does not use drupal_write_record
Ah, true, missed that :-). Then it's probably different... I don't think moving user_save to drupal_write_record would be a good move now (maybe it has even been explicitly postponed to D7 already), so I guess a separate fix is needed. This is not a proper review of the patch, though :-)

About drupal_write_record, then : fixing it might not be *required* for the uses in curent core, but maybe there will be cases in contrib ?

I don't want to be a pest, but there is a perfectly good patch in the queue that makes user_save() use drupal_write_record(). that might be preferable to a special case here. i'm not strongly opinionated though.

@pwolanin: I think this is it: http://drupal.org/node/181411#comment-644587

Decisions can be changed -- if that patch is needed for a clean soluton here and also elsewhere then we can move it back to the D6 queue.

So far what I have seen is that drupal_write_record() would have the same problem anyway. While it introduced problems with code around the node saving and other parts of Drupal, which took quite some time and hair tearing to fix, so I'd rather not rush to use it.

we could fix up drupal_write_record to check for unique keys and this would be solved for all involved.

I am not sure the drupal_set_message calls make a lot of sense. We don't add similar calls elsewhere. We should however add a watchdog call in user_save in case of failure.

pwolanin: Gerhard still makes a good point about wachdog() logging the bad call, so these kinds of misbehaviors can be noted in the log.

Applied patch to latest head and all was well, did what it said on the tin.

I have to say that this seems a sensible idea to me. Having user_save() must return a user object no matter what doesn't allow for a failure condition. The idea of returning FALSE on fail is deff a +1 from me.

Just hope to confirm: is patch from http://drupal.org/node/207170 able to overcome the concern in #13 and #14? Since drupal_write_record() is now return FALSE if facing error during INSERT/UPDATE query, maybe the user_save() error checking can become simpler? E.g. don't use manual INSERT/UPDATE queries, but drupal_write_record() so come with error checking?

All right. I don't think this patch is exactly nice, but it is a workable stop-gap solution for now, until Drupal 7 introduces more drupal_write_record()s. The error is already logged in watchdog with the DB error logging, and in user facing operations, we note the user about the error.

I did a small change on the patch though: moved the db_last_insert_id() call to after the error detection, as we don't need to call that if there is an error. Committed the attached patch.