4·
9 months agoI’ve been using Jooq to build my queries (and run them). Beats the hell out of writing prepared statements in strings.
Not sure what power I’m missing though, I’ve been able to do everything via Jooq that I want to do.
- 0 Posts
- 5 Comments
Joined 1 year ago
Cake day: June 14th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I’m calling the cops
Not understanding the true power you wield or the consequences of your actions
Sibling, I make CRUD apps with React and Python. I don’t think it’s that dramatic lmao
My favorite code reviews are where the reviewer only comments about trivial shit that doesn’t matter, like “it would be more readable if you added a newline here” type stuff.
The point about a binary protocol is interesting, because it would inherently solve the injection issue.
However, constructing an ad-hoc query becomes tedious, as you’re now dealing with bytes and text together. Doing so in a terminal can be pretty tedious, and most people would require a tool to do so. Compare this against SQL, where you can easily build a query in your terminal. I think the tradeoff is similar to protobuf vs json.
You could do a text representation (like textproto), but guess what? Now injection is an issue again.
Another thing would be the complexity of client libraries. With SQL client libraries, the library doesn’t need to parse or know SQL - it can send off the prepared statement as-is. With a binary protocol, the client libraries will likely need to include a query builder that builds the byte representation since no developers are going to be concatenating bytes by hand, which makes the bar higher for open-source libraries. This also means that if you add a new query feature to your DB, all client libraries will likely need to be updated to use the feature.
And you’re still going to need to tune and optimize queries for this new DB. That’s just the nature of the beast: scaling is hard especially when you can’t throw money at the problem.
Quite frankly, it’s a lot of hard tradeoffs to not need to use prepared statements or query builders. Injection is still is an issue for SQL today, but it’s been “solved” as much as it possibly can.