CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

Database Triggers

Database PHP 5.0+ Intermediate
debt(d7/e7/b7/t7)
d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). Database triggers are invisible to application code and standard PHP tooling. The detection_hints list mysql-workbench and pgadmin as tools, but these are database admin tools that require manual inspection of database schema — they don't automatically flag problematic triggers. No automated detection exists per the term metadata. Developers typically discover trigger-related issues only through careful code review of the database schema or when debugging unexpected runtime behaviour.

e7 Effort Remediation debt — work required to fix once spotted

Closest to 'cross-cutting refactor across the codebase' (e7). The quick_fix says to 'use PHP application events instead for audit logging and side effects' — this is not a one-line fix but requires architectural migration. Moving business logic from database triggers into application-level event handlers requires: identifying all triggers, understanding their logic, implementing equivalent PHP event listeners, updating all relevant code paths, and ensuring data consistency during migration. This spans multiple files and often crosses component boundaries.

b7 Burden Structural debt — long-term weight of choosing wrong

Closest to 'strong gravitational pull' (b7). Triggers operate invisibly at the database layer, affecting all code that touches the relevant tables regardless of context (web, cli per applies_to). The common_mistakes highlight 'cascading triggers' and logic that is 'invisible to application developers' — this creates a persistent tax where every developer must remember triggers exist when working with affected tables. The misconception notes triggers 'hide logic that developers must know exists', meaning they impose cognitive load on all future maintainers working with those tables.

t7 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'serious trap' (t7). The misconception explicitly states 'Triggers are good for keeping derived data in sync' as the canonical wrong belief, when actually 'the outbox pattern or application-level events are more transparent and testable'. This contradicts how developers expect cause-and-effect to work — they expect application code changes to be traceable in application code. The why_it_matters describes 'a developer deletes a row, three other rows change via trigger' as a debugging nightmare because the side effects are hidden from normal code inspection.

About DEBT scoring → scored by claude-opus-4-5-20251101 · 2026-05-07 · reviewed by human

Also Known As

AFTER INSERT BEFORE UPDATE database trigger row-level trigger

TL;DR

Stored procedures that fire automatically on INSERT, UPDATE, or DELETE — useful for audit logs and enforcing constraints, but dangerous when they become hidden business logic.

Explanation

Triggers execute SQL logic automatically when data changes. Common legitimate uses: audit trails (log who changed what and when), denormalised counter updates (post_count on user table), enforcing complex constraints not expressible as check constraints, and maintaining summary tables. Dangers: invisible side effects (application writes one row, trigger writes five more), performance surprises (a simple INSERT triggers complex logic), testing difficulty (tests must set up trigger state), and debugging complexity (unexpected data changes have invisible causes).

Diagram 

sequenceDiagram
    participant APP as PHP App
    participant DB as Database
    participant TRG as Trigger
    participant LOG as Audit Log
    APP->>DB: UPDATE orders SET status='shipped'
    DB->>TRG: AFTER UPDATE fires automatically
    TRG->>LOG: INSERT into order_audit_log
    TRG-->>DB: complete
    DB-->>APP: 1 row updated
    Note over APP,TRG: App wrote 1 row<br/>trigger wrote 1 more<br/>developer may not know

Common Misconception

Triggers are good for keeping derived data in sync — the outbox pattern or application-level events are more transparent and testable; triggers hide logic that developers must know exists.

Why It Matters

Invisible trigger logic causes mysterious data changes — a developer deletes a row, three other rows change via trigger, and debugging takes hours because the trigger is not visible in application code.

Common Mistakes

  • Complex business logic in triggers — impossible to unit test and invisible to application developers.
  • Triggers that call external services — synchronous triggers block the transaction; use the outbox pattern.
  • Cascading triggers — trigger A fires trigger B which fires trigger C; debugging is nearly impossible.
  • Not documenting that triggers exist — future developers modify the table unaware of side effects.

Code Examples

✗ Vulnerable 
-- Trigger hiding business logic:
CREATE TRIGGER after_order_insert
AFTER INSERT ON orders FOR EACH ROW
BEGIN
    -- Sends email (makes HTTP call from trigger!)
    -- Updates inventory across 3 tables
    -- Calculates customer loyalty points
    -- Updates denormalised reporting tables
END;
-- Developer INSERT INTO orders... has no idea this fires
✓ Fixed 
-- Trigger for legitimate audit only:
CREATE TRIGGER audit_order_updates
AFTER UPDATE ON orders FOR EACH ROW
BEGIN
    INSERT INTO order_audit_log
        (order_id, old_status, new_status, changed_at, changed_by)
    VALUES (OLD.id, OLD.status, NEW.status, NOW(), @current_user);
END;
-- Business logic stays in PHP where it's testable and visible
Added 16 Mar 2026
Edited 22 Mar 2026
Views 71

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 1 ping W 1 ping T 0 pings F 0 pings S 0 pings S 0 pings M 1 ping T 1 ping W 1 ping T 1 ping F 2 pings S 1 ping S 0 pings M 1 ping T 0 pings W 1 ping T 0 pings F 1 ping S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 0 pings S 1 ping S 0 pings M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Amazonbot 14 Perplexity 10 Google 5 Ahrefs 4 ChatGPT 4 Scrapy 4 Unknown AI 3 SEMrush 3 Majestic 2 Meta AI 2 Claude 2 Bing 1 Sogou 1 PetalBot 1
Also referenced
Using AI APIs in PHP 82 Transactional Outbox Pattern 61 Event Sourcing 48 Stored Procedures vs Application Logic 38
How they use it
crawler 49 crawler_json 5 pre-tracking 2
Related categories
architecture 3.2k database 2.8k ai_ml 2.3k messaging 1.4k
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Medium
⚡ Quick Fix
Avoid triggers for business logic — they fire invisibly, making application behaviour hard to trace and test; use PHP application events instead for audit logging and side effects
📦 Applies To
PHP 5.0+ web cli
🔗 Prerequisites
🔍 Detection Hints
Business logic in DB triggers invisible to application; trigger modifying data causing unexpected behaviour; performance issue from trigger overhead
Auto-detectable: ✗ No mysql-workbench pgadmin
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Medium Context: File Tests: Update
CWE-89
✓ schema.org compliant