The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> Ruby Programming
|
Ruby on Rails, ORM and raw SQL
Discuss Ruby on Rails, ORM and raw SQL in the Ruby Programming forum on Dev Shed.
Ruby on Rails, ORM and raw SQL Ruby and Ruby on Rails programming forum covering Ruby Tips and Tricks, Best Practices, and agile development with Ruby on Rails.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
January 26th, 2006, 01:29 PM
|
 |
Contributing User
|
|
|
|
|
Ruby on Rails, ORM and raw SQL
What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.
Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.
Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I?
Last edited by Conundrum : January 27th, 2006 at 10:13 AM.
|
March 12th, 2006, 03:51 PM
|
|
Registered User
|
|
Join Date: Mar 2006
Posts: 1
Time spent in forums: 20 m 17 sec
Reputation Power: 0
|
|
Quote: | Originally Posted by Conundrum What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.
Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.
Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I? |
You do have a choice... there are two command one for active record called "find_by_sql" and another called execute [docs ]
the point with rails is why do you want to use sql when you can let your computer (which is much better at generating sql code) do it for you. Now there may be some task where you need to use a random bit of sql and you are in no way prohibited from doing that.
I don't think you quoted them well when you said that it is opinionated because of active record (that is what it sounded like).
I heard one of the developers put it this way. Rails is opinionated because it is their opinon of how an ORM should work not that they decided sql sucks and anyone who uses it is an idiot... their opinion is that the ORM has to make certain assumptions about how to do a certain task but, you are no way nailed down to doing it their way with rails.
|
April 27th, 2006, 09:37 AM
|
|
|
Quote: | Originally Posted by Conundrum What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.
Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.
Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I? |
the biggest benefit to using an ORM is not avoiding SQL injection or anything along those lines, it's for the programmer using an OO language to forget about the persistence layer, avoiding the 'impedence mismatch' which arises every time you switch from thinking objects to thinking relational databases. Applications can be designed much more cleanly and effectively if you use the same theoretical model throughout rather than switching to and fro and putting in little hacks to deal with one db's quirks. It may be overkill for some trivial web apps but usually whatever you might lose (eg performance for retrieving collections where the generated SQL may be inefficient) is outweighed by the big gains in simplicity etc.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
