Comment by WilcoKruijer
1 day ago
This analysis makes sense to me, but at the same time: we’re already switching between procedural and declarative when switching from [mainstream language] to SQL. This impedance mismatch (or awkwardness) is already there, might as well embrace it.
We are switching...but how and at what cost? We put SQL programs as strings into our other programs, often dynamically constructing them using procedure calls and then dispatching them using yet more procedure calls.
If that weren't yikes enough, SQL injection bugs used to be the #1 exploited security vulnerabilities. It's gotten a little better, partly because of greater use of ORMs.
ORMs?
https://blog.codinghorror.com/object-relational-mapping-is-t...
> It's gotten a little better, partly because of greater use of ORMs.
No, just use prepared statements.
"partly"
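As an added example (not written by any commenter in the thread), here are the two ways of dispatching a query that the comments contrast: the SQL program assembled as a string versus a prepared statement with a bound parameter. It uses Python's sqlite3 module on a constructed in-memory table; the table, rows and input values are all made up for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
USERS = [("alice", "a-secret"), ("bob", "b-secret")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concat(conn, name):
    # Vulnerable: the SQL program is built as a string, so the caller's
    # input becomes part of the program text rather than data.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, name):
    # Hardened: the statement text is fixed; the driver binds `name` as a
    # parameter, so whatever it contains is compared literally.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    """Return (rows from the concatenated query, rows from the prepared one)."""
    conn = make_db()
    return lookup_concat(conn, name), lookup_prepared(conn, name)


if __name__ == "__main__":
    # An ordinary name behaves the same either way.
    print(compare("alice"))
    # A name containing a quote changes the meaning of the concatenated
    # query (every row matches); the prepared version finds no such user.
    print(compare("x' OR 'a'='a"))
```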