
Actually, when it comes to SQL specifically, it almost demands using a language one higher up.

Any language that features the ability to embed/interpolate unescaped quotes is not secure enough to be used directly by professional developers. Just not worth it to track down all the potential injection attacks.

And if an abstraction lets you understand the structure of queries (e.g. for sharding them) and even writes the code for you and balances parentheses, flags other syntax errors at compile time, etc., then it’s a net benefit.

And of course there is the Adapter Pattern to abstract away connection logic and differences between mysql, pg, etc.

I wrote the “Db” library 12 years ago in PHP and still use it.

I never released it on HN for reasons like this. But I might. Here it is, embedded in my larger library, but I might break it out:

https://github.com/Qbix/Platform/tree/main/platform/classes/...

Documentation:

https://qbix.com/platform/guide/database

https://qbix.com/platform/guide/models

One of the coolest features:

https://qbix.com/platform/guide/models#relations

If you read the above, please let me know your feedback!

Question: Should I release it as a Show HN?
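
An added illustration of the points in the comment above (not part of the thread, and not the Qbix Db API): a hypothetical `Select` builder in Python with `sqlite3`, run against a constructed input containing a quote. The class, the `ALLOWED` identifier list and the table are assumptions made for this example.

```python
import sqlite3

ALLOWED = {"users", "id", "name"}  # assumed schema allow-list for this demo

class Select:
    """Hypothetical builder: identifiers are allow-listed, values are only bound."""
    def __init__(self, table, columns):
        self._check(table, *columns)
        self.table, self.columns = table, list(columns)
        self.criteria = []  # structured (column, value) pairs, never SQL text

    @staticmethod
    def _check(*names):
        for name in names:
            if name not in ALLOWED:
                raise ValueError(f"unknown identifier: {name!r}")

    def where(self, column, value):
        self._check(column)
        self.criteria.append((column, value))
        return self

    def compile(self):
        sql = f"SELECT {', '.join(self.columns)} FROM {self.table}"
        if self.criteria:
            # The builder emits the parentheses and placeholders itself.
            sql += " WHERE " + " AND ".join(f"({c} = ?)" for c, _ in self.criteria)
        return sql, [v for _, v in self.criteria]

    def shard_for(self, key, shards):
        # Criteria are data, so a router can find the shard key without parsing SQL.
        for column, value in self.criteria:
            if column == key:
                return value % shards
        return None  # no shard key present: caller must query every shard

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote
    # Interpolated: the quote ends the literal and the rest is parsed as SQL.
    leaked = db.execute(f"SELECT id, name FROM users WHERE name = '{hostile}'").fetchall()
    # Built: the same string is bound as one value and matches no row.
    sql, params = Select("users", ["id", "name"]).where("name", hostile).compile()
    return leaked, sql, db.execute(sql, params).fetchall()

if __name__ == "__main__":
    print(demo())
```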



I did it -- posting it here: https://github.com/Qbix/Db


There's no reason not to post it.



