On 6/27/10 7:51 PM, Carl Banks wrote:
> I'm not the biggest expert on SQL ever, but the only thing I can think
> of is expressions.  Statements don't express anything very complex,
> and could straightforwardly be represented by function calls.

See, there's really two kinds of SQL out there.

There's the layman's SQL which is pretty straightforward. Sure, it can start looking a little complicated if you get multiple clauses in the WHERE line (and maybe you're ambitious and do a simple inner join), but it's probably still not bad. That can get translated into an API pretty easily.

Then there's the type of SQL that results in DBAs having jobs-- and deservedly so. It's *really* a very flexible and powerful language capable of doing quite a lot to bend, flex, twist, and interleave that data in the server while building up a result set for you.

I'm honestly only really in the former camp with a toe into the latter (I use aggregation and windowing functions over some interesting joins on occasion, but it takes effort). So I can't give a lot of serious examples to *prove* I'm right.

So I just have to say: based on my experience and admittedly limited imagination, converting the full expressive power of SQL into a regular sort of API would be a very, very, very hairy sort of mess. SQLAlchemy can do the layman's SQL, and can *kind of* do a *little bit* of the advanced stuff-- but usually, it does the advanced stuff by just making it very easy for you to shove it out of the way and do SQL directly.

But still: that's the structured part of SQL which belongs in a string. The data does not. It should be obvious that when a database provides you a mechanism to pass data in such that it doesn't need sanitization* at all, that's preferable to actually doing sanitization, even if you're divinely capable of perfect sanitization and even if sanitization is a trivial task that a monkey should be able to handle.


--

   ... Stephen Hansen
   ... Also: Ixokai
   ... Mail: me+list/python (AT) ixokai (DOT) io
   ... Blog: http://meh.ixokai.io/

P.S. *My computer /swears/ sanitization is spelled wrong. Either I'm high or it's high. Stupid old school mac mini.
--
http://mail.python.org/mailman/listinfo/python-list
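
The split described in the message's last paragraph (query structure in the SQL string, data passed separately), shown as an added example that is not part of the original post. It uses the standard-library sqlite3 module; the table, rows, function names and input values are constructed for illustration.

```python
import sqlite3

# Constructed sample data for the demonstration.
ROWS = [
    ("alice", "books", 12.50),
    ("alice", "music", 7.25),
    ("o'brien", "books", 30.00),
    ("bob", "books", 4.00),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (customer TEXT, category TEXT, amount REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ROWS)
    return conn

# The structure (clauses, aggregates, ordering) lives in the SQL string.
# The only variable part is a placeholder; no value is ever spliced in.
TOTALS_SQL = """
    SELECT category, SUM(amount) AS total
      FROM orders
     WHERE customer = ?
     GROUP BY category
     ORDER BY category
"""

def totals_bound(conn, customer):
    """Data travels separately from the statement (DB-API qmark binding)."""
    return conn.execute(TOTALS_SQL, (customer,)).fetchall()

def totals_spliced(conn, customer):
    """Anti-pattern kept for contrast: the value becomes part of the SQL text."""
    sql = TOTALS_SQL.replace("?", "'%s'" % customer)
    return conn.execute(sql).fetchall()

if __name__ == "__main__":
    conn = make_db()
    print(totals_bound(conn, "alice"))
    print(totals_bound(conn, "o'brien"))   # the apostrophe is just data
    odd = "nobody' OR '1'='1"              # constructed input
    print(totals_bound(conn, odd))         # matched as a literal name: no rows
    print(totals_spliced(conn, odd))       # WHERE clause rewritten: all rows summed
    try:
        totals_spliced(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("spliced query broke:", exc)
```

With binding, neither the apostrophe nor the quote-laden value needs any sanitization step; with splicing, the same two inputs produce a syntax error and a changed query respectively.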