Why are String Formatted Queries Considered So Magical?

Stephen Hansen me+list/python at ixokai.io
Sun Jun 27 23:52:01 EDT 2010


On 6/27/10 7:51 PM, Carl Banks wrote:
> I'm not the biggest expert on SQL ever, but the only thing I can think
> of is expressions.  Statements don't express anything very complex,
> and could straightforwardly be represented by function calls.

See, there are really two kinds of SQL out there.

There's the layman's SQL which is pretty straightforward. Sure, it can 
start looking a little complicated if you get multiple clauses in the 
WHERE line (and maybe you're ambitious and do a simple inner join), but 
it's probably still not bad. That can get translated into an API pretty 
easily.

Then there's the type of SQL that results in DBAs having jobs-- and 
deservedly so. It's *really* a very flexible and powerful language 
capable of doing quite a lot to bend, flex, twist, and interleave that 
data in the server while building up a result set for you.

I'm honestly only really in the former camp with a toe into the latter 
(I use aggregation and windowing functions over some interesting joins 
on occasion, but it takes effort). So I can't give a lot of serious 
examples to *prove* I'm right.

So I just have to say: based on my experience and admittedly limited 
imagination, converting the full expressive power of SQL into a regular 
sort of API would be a very, very, very hairy sort of mess. SQLAlchemy 
can do the layman's SQL, and can *kind of* do a *little bit* of the 
advanced stuff-- but usually, it does the advanced stuff by just making 
it very easy for you to shove it out of the way and do SQL directly.

But still: that's the structured part of SQL which belongs in a string. 
The data does not. It should be obvious that when a database provides 
you a mechanism to pass data in such that it doesn't need sanitization* 
at all, that's preferable to actually doing sanitization, even if you're 
divinely capable of perfect sanitization and even if sanitization is a 
trivial task that a monkey should be able to handle.


-- 

    ... Stephen Hansen
    ... Also: Ixokai
    ... Mail: me+list/python (AT) ixokai (DOT) io
    ... Blog: http://meh.ixokai.io/

P.S. *My computer /swears/ sanitization is spelled wrong. Either I'm 
high or it's high. Stupid old school mac mini.

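The structure-in-the-string, data-out-of-the-string point above, as an added example (not code from the post or from any project it mentions). It uses Python's standard sqlite3 module with an in-memory database and a constructed two-row users table; the function names and the sample data are assumptions made for illustration. The parameterized lookup passes the value through the driver's placeholder mechanism, so a name containing an apostrophe is matched as plain data with no sanitization step, while the same name handed to the string-formatted version corrupts the statement's structure and the parser rejects it.

```python
import sqlite3

# Constructed sample data for this example.
USERS = [("alice", "alice@example.com"), ("O'Brien", "ob@example.com")]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_formatted(conn, name):
    """Structure AND data are merged into one string: the SQL parser has
    no way to tell which characters the caller meant as data."""
    query = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    """Only the structure lives in the string; the value is sent through
    the driver's placeholder ('?') and is never parsed as SQL."""
    query = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def demo():
    """Run both lookups on the same inputs and collect the outcomes."""
    conn = make_db()
    results = {}
    # Plain input: both approaches agree.
    results["formatted_plain"] = lookup_formatted(conn, "alice")
    results["param_plain"] = lookup_parameterized(conn, "alice")
    # Input containing an apostrophe: the parameterized query treats it
    # as data and finds the row; no escaping was needed.
    results["param_quote"] = lookup_parameterized(conn, "O'Brien")
    # The formatted query becomes  WHERE name = 'O'Brien'  and the parser
    # refuses it, because the data has leaked into the structure.
    try:
        lookup_formatted(conn, "O'Brien")
        results["formatted_quote"] = "ok"
    except sqlite3.OperationalError as exc:
        results["formatted_quote"] = "error: %s" % exc
    # A value made of SQL metacharacters is still just a literal to
    # compare against when passed as a parameter, so it matches nothing.
    results["param_metachars"] = lookup_parameterized(conn, "x' OR 'a'='a")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-18s %r" % (key, value))
```

The placeholder style (`?` here) is driver-specific; other DB-API modules use `%s` or `:name`, but in every case the value is handed to `execute()` as a separate argument rather than spliced into the query text.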