Mid-level 5 min · March 05, 2026

Prisma ORM — Avoid Connection Pool Exhaustion in Serverless

Q: Do I need to write SQL to use Prisma?

No — Prisma's client API handles the vast majority of queries through its structured JavaScript/TypeScript object syntax. For complex aggregations or database-specific functions that Prisma can't express, you can use `prisma.$queryRaw` with tagged template literals, which keeps your queries safe from injection while giving you full SQL power.

Q: Can Prisma be used with an existing database I didn't design from scratch?

Yes — run `npx prisma db pull` and Prisma will introspect your existing database and generate a `schema.prisma` file that reflects its current structure. You can then use this as your starting point for Prisma Client and future migrations. It's not always perfect for complex legacy schemas, but it gets you 80% of the way there instantly.

Q: What's the difference between `include` and `select` in Prisma queries?

`include` adds related models on top of all the fields Prisma would return by default — think of it as 'give me everything, plus these joined relations'. `select` lets you specify exactly which fields to return and replaces the defaults entirely. You can nest `select` inside `include` to fetch a relation but only pick certain fields from it, which is the most common pattern for keeping response payloads lean.

Q: How do I handle soft deletes with Prisma?

Prisma doesn't have built-in soft-delete middleware, but you can implement it using `$use()`. In the middleware, intercept 'find' actions and add a `where: { deletedAt: null }` filter. For deletes, intercept 'delete' actions and change them to 'update' setting `deletedAt` to the current timestamp. This pattern ensures deleted records are never returned unless explicitly queried with `where: { deletedAt: { not: null } }`.

Q: Why did my migration fail with 'The migration file is not valid'?

This usually means the migration SQL has syntax errors or references tables/columns that don't exist. Run `npx prisma validate` to check your schema. If the migration file itself is corrupted, delete it and regenerate (only if it hasn't been applied anywhere). For a migration already in production, create a new migration that fixes the issue.

With default pool size 10, serverless Lambdas exhaust Postgres connections in seconds.

Naren · Founder

Plain-English first. Then code. Then the interview question.

About

● Production Incident 🔎 Debug Guide

⚡Quick Answer

Prisma is a type-safe ORM that generates a fully-typed client from a single schema.prisma file.
Models map to DB tables; relations are declared once and auto-resolved.
Nested writes and include allow complex queries in one round-trip.
Production insight: A schema change without prisma generate breaks TypeScript builds instantly — no runtime surprises.
Biggest mistake: Running prisma migrate dev in production — use deploy instead to avoid data loss.

Plain-English First

Imagine your database is a massive filing cabinet with thousands of folders. Writing raw SQL is like giving someone a hand-written note saying 'go to drawer 4, find the green folder, pull out the third sheet'. Prisma is like having a smart assistant who knows the entire cabinet layout — you just say 'get me John's orders from last month' in plain language, and it handles the filing cabinet trip for you. The best part? It double-checks that your request makes sense before it even walks to the cabinet.

Every production Node.js or TypeScript app eventually hits the same wall: your database queries become a tangled mess of raw SQL strings, you ship a typo that only blows up in production, and your team spends Friday afternoon debugging why user.adress returned undefined instead of throwing an error at write time. This is the moment developers discover Prisma — not as a trendy tool, but as a genuine solution to a painful daily problem. Prisma is a next-generation ORM that puts your database schema at the centre of your codebase, generates a fully type-safe client, and gives you an API that feels like writing TypeScript rather than wrestling with SQL dialects.

Traditional ORMs like Sequelize or TypeORM were designed when JavaScript was untyped and callbacks were king. They tack types on as an afterthought, leaving you with models that drift from your actual schema over time. Prisma flips this entirely — the schema.prisma file is the single source of truth, and everything — your migrations, your client types, your auto-complete — is derived from it. When your schema changes, your TypeScript errors change too, catching bugs before they reach users.

By the end of this article you'll be able to define a real schema with relationships, run type-safe CRUD queries, handle relations in a single round-trip with nested writes, and avoid the three mistakes that trip up most developers in their first Prisma project. You'll also understand why Prisma makes the architectural choices it does — which is the knowledge that sticks.

Setting Up Prisma: Schema as the Single Source of Truth

Prisma's setup is deliberately opinionated, and that's a feature. You install three things: the Prisma CLI (for migrations and codegen), the Prisma Client (the generated query engine you import in your app), and a database connector. The CLI reads your schema.prisma file and generates a Node.js client that's perfectly tailored to your schema — not a generic client with optional types bolted on.

The `schema.prisma` file has three blocks: datasource (which database and where), generator (what to generate — almost always the JS client), and your model definitions. Models map directly to database tables, but they're richer — you declare field types, constraints, default values, indexes and relations all in one place.

This matters because the schema is the contract between your app and your database. When you run prisma migrate dev, Prisma diffs the schema against the current database state and generates a SQL migration file. When you run prisma generate, it outputs a client with TypeScript types that exactly match that schema. There's no manual type-writing, no drift — the database and your TypeScript types are always in sync.

schema.prismaPRISMA

// datasource tells Prisma which database engine to use and where to find it.
// The DATABASE_URL is read from your .env file — never hardcode credentials.
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

// generator tells Prisma what to produce when you run `prisma generate`.
// The output is the fully-typed PrismaClient you import in your app.
generator client {
  provider = "prisma-client-js"
}

// A model maps to a database table.
// Field names become the column names (snake_case in DB via @@map if needed).
model User {
  id        Int      @id @default(autoincrement()) // Primary key, auto-incremented
  email     String   @unique                       // Unique constraint on the column
  name      String
  createdAt DateTime @default(now())               // Set automatically on INSERT
  orders    Order[]                                // Relation: one User has many Orders
}

model Order {
  id         Int      @id @default(autoincrement())
  totalPrice Float
  placedAt   DateTime @default(now())
  userId     Int                                   // Foreign key column in the DB
  user       User     @relation(fields: [userId], references: [id]) // Relation scalar
  items      OrderItem[]
}

model OrderItem {
  id        Int    @id @default(autoincrement())
  productName String
  quantity  Int
  unitPrice Float
  orderId   Int
  order     Order  @relation(fields: [orderId], references: [id])
}

Output

// After running: npx prisma migrate dev --name init

// You'll see:

Environment variables loaded from .env

Prisma schema loaded from prisma/schema.prisma

Datasource "db": PostgreSQL database "shopdb", schema "public"

✔ Generated Prisma Client (v5.x.x) to ./node_modules/@prisma/client

The following migration(s) have been created and applied:

migrations/

└─ 20240601120000_init/

└─ migration.sql

Your database is now in sync with your Prisma schema.

Pro Tip: Commit Your Migration Files

The SQL files inside prisma/migrations/ are not throwaway artefacts — they're your database's git history. Commit them alongside your code so every developer and every CI environment applies the exact same migrations in the exact same order.

Production Insight

If you delete a migration file that was already applied, prisma migrate deploy will refuse to run, leaving your CI pipeline stuck.

Always keep migration files — they're the source of truth for your database evolution.

Rule: never delete a migration file; write a new migration to undo changes.

Key Takeaway

Schema → Migrations → Client: change the schema once, and everything downstream updates.

Prisma's three-step pipeline eliminates drift between database and TypeScript types.

Never commit node_modules — but always commit prisma/migrations/.

CRUD with Prisma Client: Type-Safe Queries That Actually Make Sense

Once you've run prisma generate, you import PrismaClient and get an object with a property for every model in your schema. Each model property exposes methods like findUnique, findMany, create, update, upsert and delete. These aren't magic strings — they're fully typed, so your IDE auto-completes field names and TypeScript yells at you if you pass a field that doesn't exist.

The real power shows up with select and include. With select, you specify exactly which fields to return — Prisma generates a SELECT col1, col2 query rather than SELECT *. With include, you tell Prisma to JOIN related tables and return them as nested objects. You control whether you're doing a lean read or a rich read, and Prisma generates efficient SQL for each case.

Prisma's where clause uses a structured object rather than a SQL string, which eliminates an entire class of SQL injection bugs by design. You describe the filter as data ({ email: { endsWith: '@company.com' } }), and Prisma parameterises it safely under the hood. This is the difference between an ORM that prevents bugs and one that just makes bugs more comfortable to write.

orderService.tsTYPESCRIPT

import { PrismaClient } from '@prisma/client';

// Instantiate once and reuse — creating a new PrismaClient per request
// opens a new connection pool each time, which will exhaust your DB connections fast.
const prisma = new PrismaClient();

async function runOrderExamples() {

  // ── CREATE ──────────────────────────────────────────────────────────
  // Nested write: creates the User AND their first Order in a single transaction.
  // If the Order insert fails, the User insert is rolled back automatically.
  const newUser = await prisma.user.create({
    data: {
      email: 'alice@example.com',
      name: 'Alice Chen',
      orders: {
        create: [
          {
            totalPrice: 49.99,
            items: {
              create: [
                { productName: 'Mechanical Keyboard', quantity: 1, unitPrice: 49.99 }
              ]
            }
          }
        ]
      }
    },
    // include tells Prisma to JOIN and return the related orders in the response.
    // Without this, `newUser.orders` would be undefined.
    include: { orders: { include: { items: true } } }
  });

  console.log('Created user:', JSON.stringify(newUser, null, 2));

  // ── READ (findUnique) ────────────────────────────────────────────────
  // findUnique requires a @unique or @id field — it throws a runtime error
  // if you try to filter on a non-unique field, which catches logic bugs early.
  const existingUser = await prisma.user.findUnique({
    where: { email: 'alice@example.com' },
    select: {
      id: true,
      name: true,
      // Nested select: only fetch order IDs and totals — no unnecessary data
      orders: {
        select: { id: true, totalPrice: true, placedAt: true }
      }
    }
  });

  console.log('Found user:', existingUser);

  // ── READ (findMany with filter) ──────────────────────────────────────
  // Find all orders over £20 placed in the last 7 days, sorted newest first.
  const recentLargeOrders = await prisma.order.findMany({
    where: {
      totalPrice: { gt: 20 },                            // gt = greater than
      placedAt:   { gte: new Date(Date.now() - 7 * 24 * 60 * 60 * 1000) } // last 7 days
    },
    orderBy: { placedAt: 'desc' },
    take: 10,                                            // LIMIT 10 — pagination
    include: { user: { select: { name: true, email: true } } }
  });

  console.log(`Found ${recentLargeOrders.length} recent large orders`);

  // ── UPDATE ──────────────────────────────────────────────────────────
  // update requires a unique identifier in `where`. Prisma won't let you
  // run a bulk update without using updateMany — accidental mass-updates
  // are a class of bug Prisma's API actively resists.
  const updatedUser = await prisma.user.update({
    where: { email: 'alice@example.com' },
    data:  { name: 'Alice Zhang' }          // Only this field changes
  });

  console.log('Updated name:', updatedUser.name);

  // ── DELETE ──────────────────────────────────────────────────────────
  // Always clean up in reverse dependency order, or configure cascading deletes
  // in your schema. Prisma won't silently ignore FK constraint violations.
  await prisma.orderItem.deleteMany({ where: { order: { userId: newUser.id } } });
  await prisma.order.deleteMany({     where: { userId: newUser.id } });
  await prisma.user.delete({          where: { id: newUser.id } });

  console.log('Cleanup complete.');
}

runOrderExamples()
  .catch(console.error)
  .finally(() => prisma.$disconnect()); // Always disconnect when the script ends

Output

Created user: {

"id": 1,

"email": "alice@example.com",

"name": "Alice Chen",

"createdAt": "2024-06-01T12:00:00.000Z",

"orders": [

{

"id": 1,

"totalPrice": 49.99,

"placedAt": "2024-06-01T12:00:00.000Z",

"userId": 1,

"items": [

{

"id": 1,

"productName": "Mechanical Keyboard",

"quantity": 1,

"unitPrice": 49.99,

"orderId": 1

}

]

}

]

}

Found user: { id: 1, name: 'Alice Chen', orders: [ { id: 1, totalPrice: 49.99, placedAt: 2024-06-01T12:00:00.000Z } ] }

Found 1 recent large orders

Updated name: Alice Zhang

Cleanup complete.

Watch Out: One PrismaClient Per App, Not Per Request

In a Next.js or Express app, importing new PrismaClient() inside a route handler creates a new connection pool on every request. In development with hot-reload, you'll exhaust your database connections within minutes. Create the client once in a shared module (e.g., lib/prisma.ts) and export the single instance. In Next.js dev mode, attach it to global to survive hot-reloads.

Production Insight

Using findUnique instead of findFirst on unique fields is an easy performance win — index-only lookups vs full table scan.

For heavy read apps, always prefer select over include to reduce payload size by 60-80%.

Rule: default to select; add include only when you need the relation on every row.

Key Takeaway

Structured where clauses eliminate SQL injection permanently — Prisma parameterises everything.

Nested writes are atomic by default: if any part fails, the whole operation rolls back.

Never use findFirst for ID lookups; use findUnique for index-optimised fetches.

Transactions and Raw Queries: When You Need the Escape Hatch

Prisma's nested writes handle the common case where you want to create related records atomically. But sometimes you need to run multiple independent operations — decrement a product's stock and create an order — where both must succeed or both must fail. That's what prisma.$transaction() is for.

Prisma gives you two transaction flavours. The array form (prisma.$transaction([op1, op2])) batches operations in a single DB transaction and is perfect when you can build all operations upfront. The interactive form (prisma.$transaction(async (tx) => { ... })) gives you a transaction-scoped client so you can use the result of one query to build the next — exactly what you need for 'check stock, then place order' logic.

Sometimes you genuinely need raw SQL — complex aggregations, database-specific functions, or queries that Prisma's API can't yet express. prisma.$queryRaw handles this safely with tagged template literals, which parameterise values automatically. You get SQL's full power without reopening the injection vulnerability door that Prisma's structured API closed.

checkoutService.tsTYPESCRIPT

import { PrismaClient, Prisma } from '@prisma/client';

const prisma = new PrismaClient();

// Real-world checkout: deduct stock and create the order atomically.
// If the stock deduction fails (e.g. stock hits 0), the order is not created.
async function processCheckout(userId: number, productId: number, quantity: number) {

  // Interactive transaction — we need the updated stock value BEFORE creating the order.
  const result = await prisma.$transaction(async (tx) => {
    // Step 1: Check and decrement stock.
    // updateMany with a conditional where clause prevents overselling without a race condition.
    const stockUpdate = await tx.product.updateMany({
      where: {
        id:    productId,
        stock: { gte: quantity }  // Only update if enough stock exists RIGHT NOW
      },
      data: {
        stock: { decrement: quantity }
      }
    });

    // If count is 0, the WHERE clause didn't match — stock was insufficient.
    if (stockUpdate.count === 0) {
      // Throwing inside a transaction automatically triggers a rollback.
      throw new Error(`Insufficient stock for product ${productId}`);
    }

    // Step 2: Fetch the product price (we need it for the order total).
    const product = await tx.product.findUnique({
      where:  { id: productId },
      select: { name: true, price: true }
    });

    if (!product) throw new Error(`Product ${productId} not found`);

    // Step 3: Create the order now that we've confirmed and reserved stock.
    const order = await tx.order.create({
      data: {
        userId,
        totalPrice: product.price * quantity,
        items: {
          create: [{
            productName: product.name,
            quantity,
            unitPrice: product.price
          }]
        }
      },
      include: { items: true }
    });

    return order; // This value becomes the resolved value of the transaction
  });

  console.log('Order placed successfully:', result.id);
  return result;
}

// ── RAW QUERY ────────────────────────────────────────────────────────────────
// Use $queryRaw when you need something Prisma's API can't express —
// here, a revenue report grouped by month using PostgreSQL's date_trunc.
async function getMonthlyRevenue(year: number) {
  // Prisma.sql is a tagged template literal — values are ALWAYS parameterised.
  // Never use string concatenation here: `WHERE year = ${year}` would be safe,
  // but `WHERE name = '${userInput}'` would be an injection vulnerability.
  const rows = await prisma.$queryRaw<{ month: Date; revenue: number }[]>(
    Prisma.sql`
      SELECT
        date_trunc('month', placed_at) AS month,
        SUM(total_price)               AS revenue
      FROM orders
      WHERE EXTRACT(YEAR FROM placed_at) = ${year}
      GROUP BY month
      ORDER BY month ASC
    `
  );

  console.log(`Revenue for ${year}:`);
  rows.forEach(row => {
    const monthLabel = row.month.toLocaleString('default', { month: 'long' });
    console.log(`  ${monthLabel}: £${Number(row.revenue).toFixed(2)}`);
  });

  return rows;
}

// Run examples
processCheckout(1, 42, 2)
  .then(() => getMonthlyRevenue(2024))
  .catch(console.error)
  .finally(() => prisma.$disconnect());

Output

Order placed successfully: 7

Revenue for 2024:

January: £1240.50

February: £980.00

March: £2105.75

April: £1875.00

May: £3200.99

June: £49.99

Interview Gold: The Race Condition Pattern

The updateMany + count === 0 pattern inside a transaction is a classic optimistic concurrency technique — you push the 'is there enough stock?' check into the WHERE clause of the UPDATE itself rather than doing a separate SELECT first. This eliminates the window between 'check stock' and 'deduct stock' where another request could slip in and oversell. Knowing this pattern signals senior-level database thinking.

Production Insight

Using the array form $transaction([...]) for independent operations is faster than interactive — Prisma batches them in one round-trip.

But interactive transactions let you use the result of one query to build the next, which is essential for optimistic concurrency.

Rule: array form for batch updates you know upfront; interactive for decision chains.

Key Takeaway

Nested writes cover atomic multi-table inserts; $transaction covers custom multi-step operations.

Raw queries with template literals keep injection protection — never use string concatenation.

Only reach for raw SQL when Prisma's API genuinely can't express the query.

Prisma Migrations in Practice: Evolving Your Schema Safely

Migrations are where many teams get burned. The mental model to hold onto is this: prisma migrate dev is for local development, and prisma migrate deploy is for staging and production. They're deliberately different commands with different safety profiles.

migrate dev is interactive — it detects schema drift, prompts you to name migrations, and re-runs seed scripts. It's designed for a developer who's actively shaping the schema. migrate deploy is non-interactive and deterministic — it applies only pending migrations that are already committed to version control, making it safe to run in a CI/CD pipeline without human intervention.

The workflow that actually works in teams is: make your schema change, run migrate dev locally to generate the SQL and validate it, commit both schema.prisma and the new migration file, and let CI run migrate deploy against staging. Never edit a migration file that has already been applied to any environment — Prisma checksums them, and tampering breaks the migration history. If you made a mistake in the last migration, create a new migration that corrects it.

migration-workflow.shBASH

# ── LOCAL DEVELOPMENT ────────────────────────────────────────────────────────

# Step 1: You've added a new `phoneNumber` field to the User model in schema.prisma.
# Run migrate dev to generate and immediately apply the migration to your local DB.
npx prisma migrate dev --name add_phone_number_to_users

# Prisma will output the generated SQL so you can review it:
# ALTER TABLE "User" ADD COLUMN "phoneNumber" TEXT;
# Always read this output — migrations are permanent.

# Step 2: After migrate dev, regenerate the client so your TypeScript types
# include the new `phoneNumber` field immediately.
# (migrate dev actually does this automatically, but it's good to know the standalone command)
npx prisma generate

# Step 3: Explore your data mid-development with Prisma Studio — a local browser UI.
# Useful for manually inspecting rows without writing throwaway scripts.
npx prisma studio
# Opens at http://localhost:5555

# ── SEEDING ───────────────────────────────────────────────────────────────────
# Run your seed script (defined in package.json under prisma.seed) to
# populate the DB with realistic test data after a fresh migration.
npx prisma db seed

# ── CI / PRODUCTION DEPLOYMENT ───────────────────────────────────────────────
# In your Dockerfile or CI pipeline, apply pending migrations non-interactively.
# This command NEVER creates new migrations — it only applies committed ones.
npx prisma migrate deploy

# ── CHECKING SYNC ─────────────────────────────────────────────────────────────
# If you suspect your DB is out of sync with your schema (e.g. a direct DB edit),
# this command shows the diff without making any changes. Read-only diagnostic.
npx prisma migrate status

Output

# Output of: npx prisma migrate dev --name add_phone_number_to_users

Environment variables loaded from .env

Prisma schema loaded from prisma/schema.prisma

Datasource "db": PostgreSQL database "shopdb"

Applying migration `20240602093000_add_phone_number_to_users`

The following migration(s) have been created and applied from new schema changes:

migrations/

└─ 20240602093000_add_phone_number_to_users/

└─ migration.sql

Your database is now in sync with your Prisma schema.

✔ Generated Prisma Client (v5.x.x)

# Output of: npx prisma migrate status (on a fully synced DB)

3 migrations found in prisma/migrations

DATABASE

3 migrations have been applied

No pending migrations.

Watch Out: Never Use migrate dev in Production

prisma migrate dev drops and recreates shadow databases, prompts for input, and can reset your database if it detects unresolvable drift. Running it in a production environment is a data-loss risk. Use prisma migrate deploy in any automated or production context — it's the safe, idempotent, CI-friendly command.

Production Insight

If you accidentally edit an applied migration file, the checksum mismatch will block all future deploys. Fix: create a new migration that cancels the change.

Always review the generated SQL before committing — Prisma's diff engine sometimes adds unnecessary ALTER statements on unrelated columns.

Rule: never manually edit a migration file; always create a corrective migration.

Key Takeaway

Use migrate dev for local development, migrate deploy for CI/production.

Never edit an applied migration file – create a new one instead.

Always commit migration files – they're the auditable history of your database.

Which Migration Command to Run?

IfActive development – schema is changing frequently

→

UseUse prisma migrate dev locally to generate and apply migrations interactively.

IfCI/CD pipeline – no human input, apply committed migrations

→

UseUse prisma migrate deploy – it's deterministic and safe for automation.

IfNeed to check state of migrations vs database

→

UseUse prisma migrate status – read-only, safe to run anywhere.

IfMistake in last migration that hasn't been deployed to prod yet

→

UseUse prisma migrate reset on local/dev database, then create correct migration.

Error Handling and Middleware in Prisma: Production Patterns

Prisma throws specific typed errors that you can catch and handle. The most common is PrismaClientKnownRequestError for constraint violations, unique failures, and foreign key issues. Others like PrismaClientValidationError catch invalid queries at runtime — useful in environments without TypeScript.

But error handling goes beyond try-catch. Prisma supports middleware via $use() — a function that intercepts every query before it executes. You can use this for logging, soft-deletes, audit trails, or even rewriting queries. Middleware is global and runs on every model unless you filter by action or model name.

A senior pattern: use middleware to automatically set updatedAt on every mutation, or to add tenant isolation filters. But beware — middleware runs in the same context as the request, so a blocking middleware kills performance. Keep middleware synchronous or use the deferred return pattern.

prismaMiddleware.tsTYPESCRIPT

import { PrismaClient } from '@prisma/client';

const prisma = new PrismaClient();

// Middleware: intercept every 'find' operation to add a soft-delete filter.
// This pattern ensures deleted records are never returned without manual intervention.
prisma.$use(async (params, next) => {
  // Only apply to models that have a `deletedAt` field
  if (params.action === 'findUnique' || params.action === 'findMany' || params.action === 'findFirst') {
    // Add a condition to exclude soft-deleted records
    if (params.args && params.args.where) {
      params.args.where.deletedAt = null;
    } else {
      params.args = params.args || {};
      params.args.where = { deletedAt: null };
    }
  }

  return next(params);
});

// Example usage: errors from Prisma are typed, not strings.
async function createUserWithErrorHandling(email: string, name: string) {
  try {
    return await prisma.user.create({
      data: { email, name }
    });
  } catch (error) {
    if (error instanceof Prisma.PrismaClientKnownRequestError) {
      // Unique constraint violation — email already exists
      if (error.code === 'P2002') {
        console.error(`User with email ${email} already exists`);
        throw new Error('Duplicate email');
      }
      // Foreign key violation (e.g., ordering from non-existent user)
      if (error.code === 'P2003') {
        console.error('Referenced record does not exist');
        throw new Error('Invalid reference');
      }
    }
    throw error; // Re-throw unknown errors
  }
}

Output

No output – middleware runs silently. On violation you'll see:

PrismaClientKnownRequestError: Unique constraint failed on the fields: (`email`)

at ...

code: 'P2002',

clientVersion: '5.x.x'

Middleware Performance Trap

Every query goes through every middleware. If you have three middleware functions each doing async I/O (e.g., logging to an external service), you're adding 3x latency to every database call. Always benchmark middleware impact — defer heavy operations to a queue if possible.

Production Insight

Prisma errors come with a code string — always handle by code, not by message (messages can change across versions).

Middleware can introduce subtle bugs: if you modify params.args after the query is built, the changes are applied. But modifying params.action after next() is called has no effect.

Rule: catch PrismaClientKnownRequestError by code (P2002, P2003, P2025); use middleware for cross-cutting concerns only.

Key Takeaway

Handle Prisma errors by code, not message – codes are stable across versions.

Middleware is global and runs on every query — keep it fast and filter actions.

Use middleware for soft-deletes, auditing, and tenant isolation; avoid for heavy logging.

● Production incidentPOST-MORTEMseverity: high

The Night Prisma Client Went Silent: Connection Pool Exhaustion in Production

Symptom

Prisma queries stuck for 30+ seconds, then timed out with 'Can't reach database server'. Postgres logs showed no dropped connections, but connection count hit max.

Assumption

The team assumed the PrismaClient singleton was correctly shared — they imported new PrismaClient() in a shared module. But Next.js hot-reload in dev mode created a new client on every refresh, and the production build accidentally bundled a separate instance per Lambda invocation.

Root cause

In a serverless environment (AWS Lambda), each invocation creates a fresh container. The default Prisma connection pool size (10) was fine, but the code instantiated new PrismaClient() inside the handler function instead of outside. Every concurrent request opened 10 new connections, never closing them until the Lambda died. Within seconds, Postgres hit its max_connections and queued everything.

Fix

Moved PrismaClient instantiation outside the handler — using a top-level constant in the module scope. Added prisma.$disconnect() in the Lambda's cleanup hook. Also set connection_limit in the datasource URL to 1 for serverless environments.

Key lesson

PrismaClient must be a singleton per process — never instantiate inside a request handler.
Serverless environments need connection_limit=1 to avoid exhausting the pool.
Always test connection pooling under concurrent load before production deploy.

Production debug guideDiagnose and fix the four most common Prisma failures without panic4 entries

Symptom · 01

prisma generate fails with 'Error: Prisma schema validation'

→

Fix

Run npx prisma validate to locate the exact syntax error or missing relation field

Symptom · 02

Migration applies locally but fails in CI with checksum error

→

Fix

Check if migration files were edited after apply — never touch an applied migration. Reset with prisma migrate reset on a disposable database.

Symptom · 03

Queries return old data after schema change

→

Fix

Regenerate the client with npx prisma generate. The stale types are cached in node_modules.

Symptom · 04

prisma migrate deploy throws 'cannot find any pending migrations'

→

Fix

Verify migration files are committed and the database has matching _prisma_migrations entries. Run prisma migrate status to see drift.

★ Prisma Quick Debug Cheat SheetWhen Prisma breaks at 2 AM, run these commands in order.

Client says model not found−

Immediate action

Stop the app. Regenerate client.

Commands

npx prisma generate

npx prisma validate

Fix now

Restart the app with fresh types.

Migration refuses to apply in CI+

Connection pool exhausted+

Prisma vs Traditional ORMs

Feature / Aspect	Prisma ORM	Sequelize / TypeORM
Type safety	Auto-generated from schema — always in sync	Manual model definitions — types can drift from DB
Schema definition	Single `schema.prisma` file (source of truth)	Decorators on classes or separate config files
Migration tooling	First-class `migrate dev` / `migrate deploy` split	Migration generation is error-prone; history tracking is fragile
Query API	Structured objects — no SQL strings required	Mix of chainable methods and raw SQL strings
SQL injection risk	Parameterised by design; `$queryRaw` uses tagged templates	Possible if raw queries are string-concatenated carelessly
Learning curve	Steeper initial setup; very productive once schema is set	Quicker to start; complexity grows as schema grows
Raw SQL escape hatch	`$queryRaw` and `$executeRaw` with safe parameterisation	Available but inconsistently documented
Relation handling	Nested writes and `include` are first-class API features	Associations require explicit join config and eager loading setup
Database support	PostgreSQL, MySQL, SQLite, SQL Server, MongoDB, CockroachDB	PostgreSQL, MySQL, SQLite, SQL Server (MongoDB varies)
Studio / GUI	Built-in `prisma studio` browser UI	No equivalent; third-party tools only

Key takeaways

schema.prisma is your single source of truth

your DB schema, your TypeScript types, and your migrations all flow from it. Change it in one place, and everything downstream updates.

Prisma's structured query API (`where

{ price: { gt: 20 } }`) isn't just developer-friendly — it eliminates SQL injection at the architectural level by making parameterisation automatic.

The migrate dev vs migrate deploy split is intentional

dev is for humans shaping a schema, deploy is for machines applying a known-good history. Mixing them up is how production databases get corrupted.

The interactive transaction pattern

prisma.$transaction(async (tx) => { ... }) with a conditional updateMany check — is the correct solution to optimistic concurrency problems like preventing overselling in an e-commerce cart.

Handle Prisma errors by code (P2002, P2003) not by message

codes are stable across versions. Use middleware for cross-cutting concerns like soft-deletes and auditing, but keep it lightweight.

Common mistakes to avoid

4 patterns

Instantiating PrismaClient per request

Symptom

In serverless or high-traffic apps, each invocation creates a new connection pool, leading to 'too many clients' errors and hanging queries within minutes.

Fix

Create a single PrismaClient instance in a shared module (e.g., lib/prisma.ts) and export it. In Next.js, attach it to globalThis to survive hot-module replacement.

Using `findFirst` when you mean `findUnique`

Symptom

Silently returns the first matching row instead of the unique record, causing hard-to-find bugs when multiple rows share similar data.

Fix

Reserve findFirst for genuinely non-unique lookups. Use findUnique when filtering by a unique field — it performs an index lookup and throws if not found.

Editing an already-applied migration file

Symptom

prisma migrate deploy throws a checksum mismatch error on any environment where that migration was applied, blocking all future deploys.

Fix

Create a new corrective migration with prisma migrate dev --name fix_previous_mistake. Never modify a migration file that has been applied anywhere.

Using raw SQL with string concatenation instead of tagged templates

Symptom

SQL injection vulnerabilities introduced through dynamic query building in $queryRaw. The app appears safe until a malicious input arrives.

Fix

Always use Prisma.sql tagged template literals inside $queryRaw. Values are parameterised automatically. Never build SQL by string concatenation.

INTERVIEW PREP · PRACTICE MODE

Interview Questions on This Topic

Q01SENIOR

How does Prisma's type-safe client stay in sync with the database schema...

Q02SENIOR

Explain the difference between `prisma.$transaction([op1, op2])` (the ar...

Q03SENIOR

If a junior developer said 'I use `$queryRaw` with template string conca...

Q01 of 03SENIOR

How does Prisma's type-safe client stay in sync with the database schema, and what happens if you change the schema without regenerating the client?

ANSWER

Prisma generates the client from the schema.prisma file. When you change the schema (add/remove fields, change relations), you must run prisma generate to update the client types. If you don't, the existing client will have stale type definitions — TypeScript won't flag the mismatch until runtime. For example, if you add a phoneNumber field to the User model but don't regenerate, the client won't have phoneNumber in its type definitions. You'd need to cast, defeating the purpose. The fix is to automate prisma generate in your build pipeline so it runs on every schema change.

FAQ · 5 QUESTIONS

Frequently Asked Questions

Do I need to write SQL to use Prisma?

Can Prisma be used with an existing database I didn't design from scratch?

What's the difference between `include` and `select` in Prisma queries?

How do I handle soft deletes with Prisma?

Why did my migration fail with 'The migration file is not valid'?

🔥

That's ORM. Mark it forged?

5 min read · try the examples if you haven't