| I mean, in C++ (17? 20? Whenever constexpr was introduced) it's totally possible to create a library that allows you to build a SQL query via the language's string concatenation libraries/etc., but only allows you to do it with static strings unless you use ~shenanigans. (C++ unfortunately always allows ~shenanigans...) I guess you do wind up needing to potentially re-implement some basic things (or I guess more complex, if you want format string support too). But for basic string concatenation & interpolation, it's reasonable. That's a pretty useful way to get basic string concatenation while also preventing it from creating opportunities for SQL injection. For example, you have a class that requires a constexpr input & can be appended to/concatenated/etc.: SqlStringPart(constexpr ...) operator+(SqlStringPart ...) (so on) And you have a Query API that only takes SQL string expressions that are built out of compile-time constants + parameters: SqlQuery(SqlStringPart ..., Parameters ...); This doesn't solve the problem mentioned in the article around pagination & memory usage, but at least it avoids letting someone run arbitrary SQL on your database. |
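A worked version of the idea in the comment above, added here as an example and not code from the commenter or from any library. It uses a user-defined literal suffix (`"..."_sql`) rather than a constexpr constructor as the "literal only" gate: the suffix syntax can only be attached to a string literal token, whereas a constexpr constructor taking `const char (&)[N]` would still accept a `char` array filled at runtime (C++20 `consteval` would be the other way to close that hole). The one remaining escape hatch is calling `operator""_sql(ptr, len)` by hand, which is the "~shenanigans" the comment mentions. `SqlValue`, `BoundQuery`, `sqlQuery` and `findUserByName` are names assumed for the example; a real driver would have its own binding API.

```cpp
// Added example (not from the original comment): a SqlStringPart that can only be
// created from string literals via a user-defined literal suffix, so runtime strings
// cannot become SQL text and must travel as bound parameters instead.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <utility>
#include <variant>
#include <vector>

class SqlStringPart;
// Literal operator: the only public way to obtain a SqlStringPart.
// The "..."_sql syntax can be applied to a string literal token only.
SqlStringPart operator""_sql(const char* s, std::size_t n);

class SqlStringPart {
 public:
    // Concatenating two literal-derived parts yields another literal-derived part.
    SqlStringPart operator+(const SqlStringPart& other) const {
        return SqlStringPart(text_ + other.text_);
    }
    const std::string& text() const { return text_; }

 private:
    // Private: no constructor from std::string / const char* is reachable from user
    // code, short of calling operator""_sql(ptr, len) directly (the "shenanigans" case).
    explicit SqlStringPart(std::string t) : text_(std::move(t)) {}
    friend SqlStringPart operator""_sql(const char*, std::size_t);
    std::string text_;
};

SqlStringPart operator""_sql(const char* s, std::size_t n) {
    return SqlStringPart(std::string(s, n));
}

// Hypothetical parameter type set for this example; a real driver layer has its own.
using SqlValue = std::variant<std::int64_t, std::string>;

// A query ready for a driver: fixed SQL text with '?' placeholders, plus the values
// to bind, kept separate from the text.
struct BoundQuery {
    std::string sql;
    std::vector<SqlValue> params;
};

// Only a SqlStringPart is accepted as text; every runtime value goes through params.
// The '?' count is checked against the parameter count so a missing bind fails loudly.
// Caveat: this naive count also sees a '?' inside a quoted literal in the SQL text.
BoundQuery sqlQuery(const SqlStringPart& text, std::vector<SqlValue> params) {
    const std::size_t placeholders = static_cast<std::size_t>(
        std::count(text.text().begin(), text.text().end(), '?'));
    if (placeholders != params.size()) {
        throw std::invalid_argument("placeholder count does not match parameter count");
    }
    return BoundQuery{text.text(), std::move(params)};
}

// Usage: the user-supplied name can only end up as a parameter. Both of these
// would fail to compile, which is the point:
//   SqlStringPart bad(userInput);                                       // private ctor
//   "SELECT * FROM users WHERE name = '"_sql + userInput + "'"_sql;     // no such operator+
BoundQuery findUserByName(const std::string& userInput) {
    const SqlStringPart q = "SELECT id, name FROM users"_sql
                          + " WHERE name = ?"_sql
                          + " LIMIT 1"_sql;
    return sqlQuery(q, {SqlValue{userInput}});
}

// Demonstrates the bind-count check: a placeholder with no parameter is rejected.
bool rejectsMissingParameter() {
    try {
        sqlQuery("SELECT id FROM users WHERE id = ?"_sql, {});
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}
```

With this shape, an input such as `alice' OR '1'='1` never touches the SQL text: `findUserByName` returns the fixed string `SELECT id, name FROM users WHERE name = ? LIMIT 1` and the input sits in `params`, to be bound by the driver. Format-string style interpolation (`"... {} ..."_sql`) would need the same treatment: parse the template at compile time and map each slot to a bound parameter, never splice the argument into the text.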