
If you're modeling relational data, it doesn't seem like you can get around using a DB that uses SQL, which to me is the worst: most programmers aren't DB experts and the SQL they output is quite often terrible.

Not to dunk on the lemmy devs, they do a good job, but they themselves know that their SQL is bad. Luckily there are community members who stepped up and are doing a great job at fixing the numerous performance issues and tuning the DB settings, but not everybody has that kind of support, nor time.

Also, the translation step from binary (program) -> text (SQL) -> binary (server), just feels quite wrong. For HTML and CSS, it's fine, but for SQL, where injection is still in the top 10 security risks, is there something better?

Yes, there are ORMs, but some languages don't have them (rust has diesel for example, which still requires you to write SQL) and it would be great to "just" have a DB with a binary protocol that makes it unnecessary to write an ORM.

Does such a thing exist? Is there something better than SQL out there?

[-] fubo@lemmy.world 9 points 1 year ago

One alternative to both raw SQL and an ORM is a query builder, a procedural library for constructing database queries. Query builders typically don't have the object/relational "impedance mismatch" of ORMs; they don't encourage you to pretend that records in the database are the same as objects in your code. But they give you a syntax that looks more like your programming language, and automatically handle escaping (and thus, resistance to injection attacks).

However, query builders often don't expose all the power of your database. If you're using PostgreSQL, you've got one hell of a powerful set of tools in there. It's often worth spending the time to master them just so you don't end up reinventing the stone-age wheel on top of a warp-speed hovercraft.

[-] bill_1992@lemmy.world 5 points 1 year ago

I've been using Jooq to build my queries (and run them). Beats the hell out of writing prepared statements in strings.

Not sure what power I'm missing though, I've been able to do everything via Jooq that I want to do.

[-] koreth@lemm.ee 3 points 1 year ago

You're not missing much power with jOOQ, in my opinion as someone who has used it for years. Its built-in coverage of the SQL syntax of all the major database engines is quite good, and it has easy type-safe escape hatches if you need to express something it doesn't support natively.
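To make concrete what fubo's comment describes (a query builder that keeps values out of the SQL text) and koreth's point about a type-safe escape hatch for raw fragments, here is an added example written for this thread; it is not code from any commenter, from jOOQ or from Diesel. The `SelectBuilder` class, the `users` table and the sample rows are all constructed for the illustration, and it uses Python's standard `sqlite3` module so it runs offline. Identifiers cannot be bound as parameters, so the builder checks them against the live schema and a strict name pattern; values are always passed to the driver as `?` parameters, which is what gives the injection resistance (and, as the `o'brien` row shows, plain correctness) that string concatenation lacks.

```python
"""Minimal parameterized query builder over sqlite3 (constructed example)."""
import re
import sqlite3
from typing import Any

# Identifiers (table/column names) can't be bound as `?` parameters, so we
# restrict their shape and double-quote them (standard SQL identifier quoting).
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_OPS = {"=", "<>", "<", "<=", ">", ">=", "LIKE"}


def quote_ident(name: str) -> str:
    if not _IDENT.match(name):
        raise ValueError(f"invalid identifier: {name!r}")
    return f'"{name}"'


class SelectBuilder:
    """Builds `SELECT ... FROM ... WHERE ...`; every value becomes a bound param."""

    def __init__(self, conn: sqlite3.Connection, table: str):
        self._conn = conn
        self._table = quote_ident(table)
        # Allow-list of columns taken from the real schema, not from user input.
        self._columns = {r[1] for r in conn.execute(f"PRAGMA table_info({self._table})")}
        if not self._columns:
            raise ValueError(f"unknown table: {table!r}")
        self._select: list[str] = []
        self._where: list[str] = []
        self._params: list[Any] = []

    def _col(self, name: str) -> str:
        if name not in self._columns:
            raise ValueError(f"unknown column: {name!r}")
        return quote_ident(name)

    def select(self, *cols: str) -> "SelectBuilder":
        self._select.extend(self._col(c) for c in cols)
        return self

    def where(self, col: str, op: str, value: Any) -> "SelectBuilder":
        if op not in _OPS:
            raise ValueError(f"unsupported operator: {op!r}")
        self._where.append(f"{self._col(col)} {op} ?")   # value goes to params, never into the text
        self._params.append(value)
        return self

    def where_raw(self, fragment: str, *params: Any) -> "SelectBuilder":
        """Escape hatch for SQL the builder doesn't model; params stay bound."""
        if fragment.count("?") != len(params):
            raise ValueError("placeholder/parameter count mismatch")
        self._where.append(f"({fragment})")
        self._params.extend(params)
        return self

    def build(self) -> tuple[str, tuple[Any, ...]]:
        cols = ", ".join(self._select) or "*"
        sql = f"SELECT {cols} FROM {self._table}"
        if self._where:
            sql += " WHERE " + " AND ".join(self._where)
        return sql, tuple(self._params)

    def fetch_all(self) -> list[tuple]:
        sql, params = self.build()
        return self._conn.execute(sql, params).fetchall()


def demo_connection() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """The pattern the thread warns about: the value is spliced into the SQL text."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def concatenated_lookup_breaks(conn: sqlite3.Connection, name: str) -> bool:
    """True if the concatenated query fails to even parse for this input."""
    try:
        lookup_concatenated(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def lookup_built(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Same lookup via the builder: the quote in the name is just data."""
    return SelectBuilder(conn, "users").select("name").where("name", "=", name).fetch_all()


if __name__ == "__main__":
    db = demo_connection()
    print(lookup_built(db, "o'brien"))            # [("o'brien",)]
    print(concatenated_lookup_breaks(db, "o'brien"))  # True: a stray quote breaks the text
    print(SelectBuilder(db, "users").select("name").where("role", "=", "user").where_raw("id > ?", 1).build())
```

The contrast is the whole point of the thread's injection concern: a name containing an apostrophe is a legitimate value that the concatenated query cannot even parse, while the builder hands it to the driver as a parameter and returns the right row. Real query builders such as jOOQ do the same thing with far more syntax coverage; the `where_raw` method stands in for the kind of escape hatch koreth mentions, and note that it still keeps parameters bound rather than interpolated.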

this post was submitted on 04 Oct 2023
78 points (86.1% liked)