#1
  1. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Posts
    1,137
    Rep Power
    173

    Ruby on Rails, ORM and raw SQL


    What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.

    Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.

    Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I?
    Last edited by Conundrum; January 27th, 2006 at 11:13 AM.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    1
    Rep Power
    0
    Originally Posted by Conundrum
    What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.

    Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.

    Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I?
    You do have a choice... there are two command one for active record called "find_by_sql" and another called execute [docs ]

    the point with rails is why do you want to use sql when you can let your computer (which is much better at generating sql code) do it for you. Now there may be some task where you need to use a random bit of sql and you are in no way prohibited from doing that.

    I don't think you quoted them well when you said that it is opinionated because of active record (that is what it sounded like).

    I heard one of the developers put it this way. Rails is opinionated because it is their opinon of how an ORM should work not that they decided sql sucks and anyone who uses it is an idiot... their opinion is that the ORM has to make certain assumptions about how to do a certain task but, you are no way nailed down to doing it their way with rails.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2002
    Posts
    596
    Rep Power
    24
    Originally Posted by Conundrum
    What is the state of Ruby on Rails, ORM and raw SQL? I know there's a big push to ORM with all the major frameworks (Ruby on Rails, TurboGears, Catalyst, etc.) and for some apps ORM is the way to go. Other times, however, it seems that raw SQL will make one's life a lot easier especially when using DB-specific SQL extensions. I particularly dislike half-solutions like raw SQL for the WHERE clause only, etc. RoR supporters, in particular, seem to go out of their way to vilify raw SQL.

    Some articles I've read criticize raw SQL because of SQL injection attacks. The examples provided are primarily for PHP. In Perl, DBI and placeholders automatically eliminate SQL injection so it's not even a consideration.

    Check out this blog on RoR's ActiveRecord. Basically he's saying ActiveRecord is "opinionated software" that doesn't want to leverage any DB specific features. To me, and it seems many others, that's "debilitating software." I don't mind opinions as long as I have a choice. I don't think I have a choice with RoR, do I?
    the biggest benefit to using an ORM is not avoiding SQL injection or anything along those lines, it's for the programmer using an OO language to forget about the persistence layer, avoiding the 'impedence mismatch' which arises every time you switch from thinking objects to thinking relational databases. Applications can be designed much more cleanly and effectively if you use the same theoretical model throughout rather than switching to and fro and putting in little hacks to deal with one db's quirks. It may be overkill for some trivial web apps but usually whatever you might lose (eg performance for retrieving collections where the generated SQL may be inefficient) is outweighed by the big gains in simplicity etc.

IMN logo majestic logo threadwatch logo seochat tools logo