this post was submitted on 23 Mar 2026
20 points (91.7% liked)

Programming

26211 readers
460 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
20
Martin Fowler: ORM Hate (martinfowler.com)
submitted 1 day ago* (last edited 1 day ago) by HaraldvonBlauzahn@feddit.org to c/programming@programming.dev
27 comments fedilink hide all child comments
 

This is a pragmatic piece of Fowler on the rather dry topic of Object-relational mappings - in short, the attempt to marry an object-oriented code base with a relational data base.

Usually you'd get enough early success to commit deeply to the framework and only after a while did you realize you were in a quagmire - this is where I sympathize greatly with Ted Neward's famous quote that object-relational mapping is the Vietnam of Computer Science

What Fowler refers to here, is Ted Neward's article "The Vietnam Of Computer Science"

you are viewing a single comment's thread
view the rest of the comments
[–] FizzyOrange@programming.dev 11 points 1 day ago (1 children)

You don't need ORMs to prevent SQL injection. Prepared statements have existed for decades.

[–] moonpiedumplings@programming.dev 2 points 1 day ago (1 children)

That's what I thought too: https://programming.dev/comment/22854391

But it seems to be possible to still do them wrong.

[–] Kissaki@programming.dev 4 points 1 day ago

If you don't use the parameter functionality of prepared statements, yeah. That also means you don't use a prepared statement, you construct varying sql strings and prepare varying "prepared" statements.