this post was submitted on 23 Mar 2026
This is a pragmatic piece by Fowler on the rather dry topic of object-relational mappings - in short, the attempt to marry an object-oriented code base with a relational database.

Usually you'd get enough early success to commit deeply to the framework and only after a while did you realize you were in a quagmire - this is where I sympathize greatly with Ted Neward's famous quote that object-relational mapping is the Vietnam of Computer Science

What Fowler refers to here is Ted Neward's article "The Vietnam Of Computer Science"

[–] moonpiedumplings@programming.dev 6 points 1 day ago (2 children)

I like ORMs because they prevent SQL injection. Mostly. SQL injection is a really bad vuln that's nowhere near as ubiquitous as it used to be for every PHP app, and that's partly due to ORMs.

[–] FizzyOrange@programming.dev 19 points 1 day ago (1 children)

You don't need ORMs to prevent SQL injection. Prepared statements have existed for decades.

[–] moonpiedumplings@programming.dev 3 points 1 day ago (1 children)

That's what I thought too: https://programming.dev/comment/22854391

But it seems to be possible to still do them wrong.

[–] Kissaki@programming.dev 4 points 17 hours ago

If you don't use the parameter functionality of prepared statements, yeah. That also means you don't use a prepared statement; you construct varying SQL strings and prepare varying "prepared" statements.
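
The two replies above (prepared statements exist, and they only help if the value actually goes through the parameter mechanism) side by side, as an added example that is not part of the original thread or of Fowler's article. It uses Python's standard `sqlite3` module against a constructed in-memory `users` table; the function names, the table and the payload string are mine, chosen for illustration. The last function goes slightly beyond the thread's point: placeholders bind values only, so a user-chosen identifier such as a sort column still has to be checked against an allow-list.

```python
import sqlite3


# Constructed, self-contained sample database (not from the original thread).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, is_admin INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (name, is_admin) VALUES (?, ?)",
        [("alice", 0), ("bob", 1)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Looks like a one-line query call, but the untrusted value is spliced into
    # the SQL text *before* the driver sees it. Every distinct input yields a
    # distinct statement, so nothing is really "prepared" and the input can
    # change the structure of the query, not just the value it compares against.
    sql = f"SELECT name, is_admin FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # The SQL text is a constant; the value is bound through the driver's
    # placeholder mechanism, so it is always treated as data, never as SQL.
    sql = "SELECT name, is_admin FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Classic tautology payload: closes the string literal and appends OR '1'='1'.
PAYLOAD = "x' OR '1'='1"

# Placeholders bind values only, never identifiers (table or column names).
# Sorting by a caller-chosen column therefore needs an allow-list, not a '?'.
ALLOWED_SORT_COLUMNS = frozenset({"id", "name", "is_admin"})


def is_allowed_column(column: str) -> bool:
    return column in ALLOWED_SORT_COLUMNS


def list_users_sorted(conn: sqlite3.Connection, column: str) -> list:
    if not is_allowed_column(column):
        raise ValueError(f"sort column not permitted: {column!r}")
    # Safe to interpolate here: `column` is one of a fixed set of literals we wrote.
    sql = f"SELECT name FROM users ORDER BY {column}"
    return [row[0] for row in conn.execute(sql).fetchall()]


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input:", lookup_unsafe(db, "alice"))
    print("unsafe, payload:     ", lookup_unsafe(db, PAYLOAD))  # every row leaks
    print("safe,   normal input:", lookup_safe(db, "alice"))
    print("safe,   payload:     ", lookup_safe(db, PAYLOAD))  # no such user
    print("sorted by name:      ", list_users_sorted(db, "name"))
```

Run it and the unsafe lookup returns both users for the payload while the parameterised one returns nothing, because the driver compared the whole payload string against the `name` column as a value. An ORM gets you the second behaviour by default for ordinary queries, which is the benefit the thread is weighing; it does not save you from the first pattern if you hand it a raw SQL string you assembled yourself.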

[–] CameronDev@programming.dev 3 points 1 day ago

It's a bit sad that SQL injection is still a thing. It's been a known problem for decades, and developers keep itching to reinvent the vulnerability over and over...