
Type safe APIs for SQL are the happy medium.


What do you mean by this - do you have a specific example?


I think that he means generating application code from a database schema. A tool like Jooq (https://www.jooq.org/). If so, then I agree with him.


Libraries like Jooq and SQLDelight include what I'm talking about and then build on top of it with codegen, which is even nicer since it adds compiler safety.

But even without codegen you'd still have a much nicer interface than manually hacking together strings, as the Golang example others have linked shows: https://github.com/Masterminds/squirrel


Zapatos is a good example. https://jawj.github.io/zapatos/


golang https://github.com/Masterminds/squirrel

Constructing SQL by concatenating strings has a few issues: it's repetitive and hard to assemble certain queries conditionally, and at least in golang it's easy to write code vulnerable to SQL injection, and you can avoid that by using types.


I never use string concat to generate SQL in Go - isn’t it normal to use placeholders? i.e.,

    db.QueryRow("select $1", n)

Looking at squirrel, I really don’t see how this

    sql, args, err := sq.Insert("users").Columns("name", "age").
        Values("moe", 13).Values("larry", sq.Expr("? + 5", 12)).
        ToSql()

is better than this

    sql == "INSERT INTO users (name,age) VALUES (?,?),(?,? + 5)"

That said, I will happily agree that SQL statement composition is not the same as an ORM, and I can see the benefit of Squirrel for those rare times you do need to conditionally build SQL statements.
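
The conditional-assembly case discussed in the two comments above, as an added example that is not from any commenter or from Squirrel: the same optional filters built once by concatenation and once with `$n` placeholders, using only the Go standard library. `UserFilter`, `concatQuery`, `placeholderQuery`, the `users` table and the sample input are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// UserFilter is a hypothetical set of optional criteria; zero values mean "no filter".
type UserFilter struct {
	Name   string
	MinAge int
}

// concatQuery splices values into the SQL text, so input becomes part of the statement.
func concatQuery(f UserFilter) string {
	q := "SELECT id FROM users WHERE 1=1"
	if f.Name != "" {
		q += " AND name = '" + f.Name + "'"
	}
	if f.MinAge > 0 {
		q += fmt.Sprintf(" AND age >= %d", f.MinAge)
	}
	return q
}

// placeholderQuery emits only fixed fragments into the SQL text; values go in args.
func placeholderQuery(f UserFilter) (string, []interface{}) {
	conds, args := []string{}, []interface{}{}
	add := func(cond string, v interface{}) {
		args = append(args, v) // placeholder number = position in args
		conds = append(conds, fmt.Sprintf("%s $%d", cond, len(args)))
	}
	if f.Name != "" {
		add("name =", f.Name)
	}
	if f.MinAge > 0 {
		add("age >=", f.MinAge)
	}
	q := "SELECT id FROM users"
	if len(conds) > 0 {
		q += " WHERE " + strings.Join(conds, " AND ")
	}
	return q, args
}

func main() {
	f := UserFilter{Name: "O'Brien", MinAge: 18} // constructed input with a quote in it
	q, args := placeholderQuery(f)
	fmt.Println(concatQuery(f), "|", q, args)
}
```

The pair returned by `placeholderQuery` is what would be passed as `db.Query(q, args...)`; the statement text depends only on which filters are set, never on their values.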


Not OP, but I would recommend Kysely as a great example. I’m on mobile so don’t have a link at hand sorry.


Sqlx for Rust type checks your queries at compile time.



