Idempotent Database Transactions for Safe Payroll Posts (Simply Explained)
A plain-language guide to idempotent database transactions. No jargon, no tech speak, just what it means for your business.
By Mike Hodgen
The Bug That Could Quietly Wreck Your Books
I went looking for trouble in one of my own systems. Not trouble that had happened yet. Trouble that was waiting to happen.
The system I was checking handles payroll. The kind of process that has to be right every single time, because it's moving real money.
Here's how it worked. To finish one payroll run, the software had to write down five separate things, in order. The pay run itself. The individual paychecks. The breakdown of each paycheck. The year-to-date totals. And finally, the entry that posts everything to the official books.
Five steps. One after another. And that's the problem.
Why a Crash Leaves You Worse Off Than Doing Nothing
Imagine the process dies halfway through. A power blip. A timeout. A dropped connection. Anything.
Now you've got paychecks recorded, but the final posting to the books never happened. The payroll exists, but it never officially landed. Nothing balances.
Think of it like a waiter who takes your order, brings your food, but never rings it up. The meal happened. The books say it didn't.
Here's the dangerous part. A half-finished run looks finished. The paychecks are sitting right there. Nobody notices the missing piece until the accounting fails to add up days later.
In a financial system, a half-done job is worse than no job at all. No job tells you clearly that nothing happened. A half-done job lies to you.
So the honest question for any business owner is this: what happens when your financial software crashes mid-run? If the answer is "we hope it doesn't," that's not an answer.
Why "Just Run It Again" Makes Everything Worse
The natural instinct when something fails is to run it again. Of course it is. It broke, so do it over.
Without the right protection, that quietly doubles your problem.
Run it again and you get a second set of paychecks. A second posting to the books. The same money recorded twice. You didn't fix the half-finished run. You stacked a brand-new error on top of it.
You actually need two separate protections here, and most quickly built systems have neither.
The first is all-or-nothing. The whole run either finishes completely, or it does nothing at all. There's no in-between. That crash halfway through simply becomes impossible.
The second is making a repeat run harmless. If someone runs the same payroll twice, the system recognizes it already did the work and quietly does nothing the second time.
You need both. The first stops the half-finished run. The second stops the double payment.
The Fix: Treat the Whole Run as One Move
The solution is simpler than the workarounds people reach for.
Instead of five separate steps, I bundled all five into a single action. The database treats the entire payroll run as one indivisible move. Either everything lands together, or nothing does.
Picture a bank transfer. The money has to leave one account and arrive in the other as a single event. It can't leave the first account and vanish on the way. Same idea. If the final posting fails, the paychecks written a split second earlier get rolled back automatically too.
The software doesn't have to detect the failure and clean up the mess. The database handles all of it. There's no half-finished state to land in, because from the database's point of view, there are no separate steps anymore. There's one operation.
This single change didn't reduce the half-finished-run problem. It eliminated it. The crash that used to strand the books simply can't happen now.
Testing It for Real Without Touching the Books
Most systems have a "practice mode" so you can preview a run before committing it. The trouble is, practice mode usually runs different code than the real thing. So it tests a fantasy version and misses the bug that only shows up for real.
I do it differently. My practice mode runs the exact real process. Every check, every calculation, everything. Then, at the very last second, it throws it all away.
It's like a full dress rehearsal on the real stage with the real cast, and the moment before the curtain, everyone walks off and resets. You tested the real thing. You left nothing behind.
This matters because most practice modes drift out of sync with reality over time. Someone updates the real process and forgets the practice version. Then practice passes and the real run fails, which is the worst outcome, because you trusted the practice run. Mine can't drift, because it is the real run.
Three Locks So Running It Twice Does Nothing
All-or-nothing stops half-finished runs. It doesn't stop someone from posting the same payroll twice. So I add three independent safeguards. Because it's money.
First, the books physically allow only one official posting per pay period. Try to land a second one and the database refuses outright.
Second, each pay period gets a fixed, predictable label. March payroll always gets the same label, every time. That gives the system a reliable way to recognize "I already did this one."
Third, before writing a single thing, the system checks whether this period was already posted. If it was, it stops immediately and does nothing.
Belt, suspenders, and a second belt.
A network hiccup causes a retry? The pre-check catches it. Someone double-clicks the button? Same thing. Two processes overlap at once? The hard rule in the books refuses the second posting anyway.
There's no sequence of events, no double-click, no overlap that produces a duplicate. Any one of the three locks is enough on its own.
Fixing a Bad Run Without Erasing History
Sometimes you genuinely need to undo a run. Wrong numbers got posted. A correction is needed. That has to be safe too.
You never delete financial records. You reverse them.
Think of an accountant who makes a mistake. They don't erase the line. They write a new line that cancels it out, so the history shows both what happened and that it was corrected. That's exactly what my system does. The original posting stays. A reversing entry sits next to it, with the date and the reason.
Deleting would destroy the paper trail that justifies the whole system existing. The reversal itself is also all-or-nothing. You can't undo a run halfway any more than you can post one halfway.
What This Means When Software Handles Your Money
Back to the question I started with. What happens when this kind of system crashes mid-run?
Nothing. It rolls back clean. The retry is safe. You run it again and it either finishes the work or recognizes it's already done.
That's a good answer. But it isn't luck. It's a choice someone made on purpose, before the crash, because they assumed the crash would come.
AI lets me build financial features in days that used to take a team weeks. I've done it. But that speed only helps if someone insists on this exact discipline on the parts that move money. Fast and wrong is not a deal in a payroll system.
This is the work I do when I take on a system. I go hunting for the half-finished-run bug, the missing safeguard, the practice mode that tests a fantasy. Then I fix it before it costs you a reconciliation nightmare.
If you run a company and you're quietly unsure what's actually holding your financial automation together, that's a conversation worth having.
Ready to bring AI leadership into your company?
I work with a small number of companies at a time. If you're serious about AI, apply to work together and I'll review your application personally.
Get AI insights for business leaders
Practical AI strategy from someone who built the systems — not just studied them. No spam, no fluff.
Ready to automate your growth?
Book a free 30-minute strategy call with Hodgen.AI.
Book a Strategy Call