Martin Fowler: ORM Hate
(martinfowler.com)
You don't need ORMs to prevent SQL injection. Prepared statements have existed for decades.
That's what I thought too: https://programming.dev/comment/22854391
But it seems to be possible to still do them wrong.
If you don't use the parameter functionality of prepared statements, yeah. That also means you don't use a prepared statement; you construct varying SQL strings and prepare varying "prepared" statements.
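Added example, not part of the thread: the difference the last comment describes, shown with Python's standard `sqlite3` module. The table, rows, inputs and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")])
    return conn

def build_interpolated_sql(name):
    # Anti-pattern: the input becomes part of the SQL text, so every
    # input yields a different statement for the engine to parse.
    return f"SELECT name FROM users WHERE name = '{name}'"

# One fixed statement; the value travels separately as a bound parameter.
BOUND_SQL = "SELECT name FROM users WHERE name = ?"

def find_interpolated(conn, name):
    return [row[0] for row in conn.execute(build_interpolated_sql(name))]

def find_bound(conn, name):
    return [row[0] for row in conn.execute(BOUND_SQL, (name,))]

def interpolated_breaks(conn, name):
    # True when the interpolated text is no longer valid SQL.
    try:
        find_interpolated(conn, name)
        return False
    except sqlite3.OperationalError:
        return True

def distinct_statement_texts(names):
    # How many different SQL strings the interpolating code produces.
    return len({build_interpolated_sql(n) for n in names})

if __name__ == "__main__":
    conn = make_db()
    quoted = "x' OR '1'='1"  # constructed input containing quote characters
    print("interpolated:", find_interpolated(conn, quoted))  # WHERE clause rewritten
    print("bound:       ", find_bound(conn, quoted))         # compared as a plain value
    print("O'Brien breaks interpolation:", interpolated_breaks(conn, "O'Brien"))
    print("O'Brien via parameter:", find_bound(conn, "O'Brien"))
    print("statement texts:", distinct_statement_texts(["alice", "bob", quoted]))
```

With bound parameters the statement text never changes, so a code review or a query log can check for a single constant string per query.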