With the ever-constant updates to popular and important apps and websites, how do the developers ensure the update preserves the user's and site's original database, considering the possibility that the updates might contain data-corruptive bugs or exploits for users?
This question is not addressing the frequent database leaks, since they only involve release of read-only data and exploits only exist in the form of accessing user accounts and data, not altering the site's database at large itself.
Even if there is a backup for the database, undoing changes that affect millions of people negatively would create a ton of uproar, especially if the site is based on real-time interactions, like stock broker apps, social media apps and instant messengers. However, I have personally never heard of such incidents.
Do companies at such large scales have extreme QA in place, depend on user feedback and reporting, or just have been lucky they haven't been exploited yet? Or am I completely wrong and these incidents do occur?
Keep in mind that I am an amateur in this domain. I have worked with MySQL databases for educational purposes and personal projects but I found the state of databases very fragile, like the ability to nuke the entire database with just 2-3 words. This fact made me come up with this question.
I can't speak for every company, but what I do is have a separate development database and web server. I make my changes and test them in development. If something breaks, no problem. I revert the changes and no users were impacted. When everything looks ready to deploy, you move it over to live.
Of course, there are also QA and security testing steps in between development and live to ensure that your new code, while not showing visible bugs, isn't opening security holes.
As for the ability to nuke the entire database in 2-3 words, pretty much every developer has a story of the time when they accidentally wiped out data. In my case, I was working on an expense report application that I had written and was trying to delete some data. I wrote a query along the lines of "Delete From ExpenseReports where ID = 7." Then I highlighted the query (since I had many queries in that SQL tab) and hit F5 to run it.
Unfortunately, I realized the second that my finger hit the key that only "Delete From ExpenseReports" was highlighted. I had deleted ALL of the data. I spent the rest of the day recovering data and learned a valuable lesson about being too quick on running queries.
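One guard against the truncated DELETE described in the answer above, as an added example that is not part of the original post: run the statement inside a transaction and commit only if the affected row count is within what was expected. It uses Python's sqlite3 instead of MySQL so it runs offline; the ExpenseReports columns, the sample rows and the helper names are constructed for illustration.

```python
import sqlite3


class TooManyRows(Exception):
    """A statement touched more rows than the caller said it should."""


def guarded_execute(conn, sql, params=(), max_rows=1):
    """Run one DELETE/UPDATE; commit only if it changed <= max_rows rows.

    Relies on sqlite3's default mode, which opens a transaction
    before DML, so rollback() undoes the statement completely.
    """
    try:
        affected = conn.execute(sql, params).rowcount
        if affected > max_rows:
            raise TooManyRows(f"{affected} rows affected, limit is {max_rows}")
        conn.commit()
        return affected
    except Exception:
        conn.rollback()  # nothing from this statement is kept
        raise


def make_sample_db():
    """Constructed sample data: five expense reports with IDs 5..9."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ExpenseReports (ID INTEGER PRIMARY KEY, Amount REAL)")
    conn.executemany("INSERT INTO ExpenseReports VALUES (?, ?)",
                     [(i, 10.0 * i) for i in range(5, 10)])
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM ExpenseReports").fetchone()[0]


if __name__ == "__main__":
    db = make_sample_db()
    print(guarded_execute(db, "DELETE FROM ExpenseReports WHERE ID = ?", (7,)))
    try:
        # The truncated statement from the anecdote: no WHERE clause.
        guarded_execute(db, "DELETE FROM ExpenseReports")
    except TooManyRows as exc:
        print("rolled back:", exc)
    print(row_count(db), "rows remain")
```

The same pattern applies in a SQL client by wrapping the statement in an explicit transaction and checking the reported row count before committing.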