Comment by WilcoKruijer a day ago

3 replies

This analysis makes sense to me, but at the same time: we’re already switching between procedural and declarative when switching from [mainstream language] to SQL. This impedance mismatch (or awkwardness) is already there, might as well embrace it.

mpweiher a day ago

We are switching...but how and at what cost? We put SQL programs as strings into our other programs, often dynamically constructing them using procedure calls and then dispatching them using yet more procedure calls.

If that weren't yikes enough, SQL injection bugs used to be the #1 exploited security vulnerability. It's gotten a little better, partly because of greater use of ORMs.

ORMs?

https://blog.codinghorror.com/object-relational-mapping-is-t...

  • koakuma-chan a day ago

    > It's gotten a little better, partly because of greater use of ORMs.

    No, just use prepared statements.
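Both points above (mpweiher's "SQL strings dynamically constructed from procedure calls" and koakuma-chan's "just use prepared statements") are easiest to see side by side in code. The following is an added example, not code posted by anyone in the thread: it builds a constructed in-memory SQLite table, runs the same attacker-controlled input through a string-concatenated query and through a parameterized one, and then shows that dynamic query construction is still fine as long as the query *structure* comes from an allowlist in code and only the *values* are bound as parameters. The table, column names and payload are all assumptions made up for the example.

```python
import sqlite3

# Constructed sample data for the example (not from the thread).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # The anti-pattern: user input spliced straight into the SQL text, so the
    # input can change the query's structure, not just its data.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Prepared/parameterized statement: the SQL text is fixed, the value is
    # sent separately and can never be parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY id"
    return conn.execute(sql, (name,)).fetchall()


# Classic tautology payload (constructed): turns "name = 'x'" into an always-true WHERE.
PAYLOAD = "x' OR '1'='1"

# Columns the application is willing to filter on; anything else is rejected.
ALLOWED_COLUMNS = {"name", "role"}


def find_users_dynamic(conn: sqlite3.Connection, filters: dict) -> list:
    # Dynamic construction done safely: column names are checked against a
    # code-controlled allowlist (never interpolated from input), and every
    # value is still bound as a parameter.
    clauses, params = [], []
    for col, val in filters.items():
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown column: {col!r}")
        clauses.append(f"{col} = ?")
        params.append(val)
    sql = "SELECT name, role FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY id"
    return conn.execute(sql, params).fetchall()


def demo() -> tuple:
    conn = make_db()
    unsafe = find_user_unsafe(conn, PAYLOAD)   # every row: the payload rewrote the WHERE clause
    safe = find_user_safe(conn, PAYLOAD)       # no rows: no user is literally named "x' OR '1'='1"
    dynamic = find_users_dynamic(conn, {"role": "user", "name": "bob"})
    return unsafe, safe, dynamic


if __name__ == "__main__":
    u, s, d = demo()
    print("unsafe :", u)
    print("safe   :", s)
    print("dynamic:", d)
```

The point of `find_users_dynamic` is that "dynamically constructing" a query is not itself the problem: what matters is that the only things reaching the SQL text are tokens chosen by your own code, while everything the user supplies goes through a bound parameter. Note that `sqlite3` rejects multi-statement strings in `execute`, so the concatenated version here can leak data but not, for example, stack a `DROP TABLE`; other drivers and databases are not so forgiving.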