|
|
|
|
|
|
by tailspin2019
1387 days ago
|
|
|
I definitely see that, and ORMs (particularly older ones) have historically made it easy to shoot yourself in the foot. But, everything is an abstraction, and I tend to think that if you use any abstraction, you need to have at least a little bit of knowledge about what’s happening in the layer beneath it. So using an ORM will not be an optimal experience if you don’t know how the underlying RDBMS works. And effectively using an RDBMS directly still requires a bit of knowledge about the layer below that level of abstraction too (eg how underlying query optimisation works etc). It’s possible to implement both incorrectly and get bad results and the opposite is true too |
|
|
Doing intensive string manipulation to put your query together becomes painful, fast, especially when you're dealing with optional parts like ordering, limiting, filtering, pagination, etc. It's also incredibly easy to slip in an injection vulnerability as you do that (especially if you're new to programming).
Just don't use it as a crutch because the declarative nature of SQL is vastly more powerful than an imperative wrapper and you'll be at a loss for only knowing the conventions and opinions of your ORM of choice.