deddit.petersanchez.com

Martin Fowler: ORM Hate (martinfowler.com)
from HaraldvonBlauzahn@feddit.org to programming@programming.dev on 23 Mar 21:12
https://feddit.org/post/27525422

This is a pragmatic piece of Fowler on the rather dry topic of Object-relational mappings - in short, the attempt to marry an object-oriented code base with a relational data base.

Usually you’d get enough early success to commit deeply to the framework and only after a while did you realize you were in a quagmire - this is where I sympathize greatly with Ted Neward’s famous quote that object-relational mapping is the Vietnam of Computer Science

What Fowler refers to here, is Ted Neward’s article “The Vietnam Of Computer Science”

#programming

threaded - newest

Olap@lemmy.world on 23 Mar 21:25 next collapse

Having seen what the ORM hate leads to. Just use the ORM folks. Far better in the long to do so! Nothing has come close to ActiveRecord imo in Typescript or Python sadly. Unless anyone has a library or two I should check out?

HaraldvonBlauzahn@feddit.org on 23 Mar 21:33 next collapse

Haven’t tried it, but functional programming methods (as in Clojure) combined with Datomic / Datalog sound interesting. It is said to be quite good.

hperrin@lemmy.ca on 23 Mar 23:17 collapse

You can check out my library, Nymph.js. It’s what powers Port87.

Unfortunately, I don’t have a whole lot of open source code showing how to use it, since it was developed specifically for Port87, which isn’t open source. But there are test files that show how to use it.

moonpiedumplings@programming.dev on 23 Mar 21:51 next collapse

I like ORM’s because they prevent sql injection. Mostly. Sql injection is a really bad vuln that’s nowhere near as ubiqitous as it used to be for every php app, and that’s partly due to ORM’s.

CameronDev@programming.dev on 23 Mar 22:37 next collapse

It’s a bit sad that sql injection is still a thing. It’s been a known problem for decades, and developers keep itching to reinvent the vulnerability over and over…

FizzyOrange@programming.dev on 23 Mar 22:52 collapse

You don’t need ORMs to prevent SQL injection. Prepared statements have existed for decades.

moonpiedumplings@programming.dev on 23 Mar 22:55 collapse

That’s what I thought too: programming.dev/comment/22854391

But it seems to be possible to still do them wrong.

Kissaki@programming.dev on 24 Mar 13:17 collapse

If you don’t use the parameter functionality of prepared statements, yeah. That also means you don’t use a prepared statement, you construct varying sql strings and prepare varying “prepared” statements.

e8d79@discuss.tchncs.de on 23 Mar 22:03 next collapse

I consider the ORM hate uninformed and misguided at best. Just like any other technology not all of them are created equally there are better ones and worse ones. I have used Entity Framework Core for years and have almost no complaints but If I only knew ORMs like NHibernate then I might have a different opinion.

cecilkorik@lemmy.ca on 23 Mar 22:19 next collapse

Two choices always seem to end up as the fate of any large scale, long-term developed database application. Either you use an ORM, or you build your own piece by piece. I know which one makes more sense to me.

Maestro@fedia.io on 23 Mar 23:39 next collapse

Same goes for any application that are proud to use "no framework". It just means that you partially implemented your own poorly documented half-assed framework.

uuj8za@piefed.social on 24 Mar 05:32 collapse

It’s a little more nuanced than that.

I will gladly write my own small, half-assed framework that I 100% know, can reason about, can debug, and can extend to fit my requirements. I will gladly pass on a fat-assed, bloated framework with a million dependencies, where I only need a few features, and where if I need something that isn’t offered by the framework I have to submit a PR or add some janky-ass workaround.

Maestro@fedia.io on 24 Mar 07:02 collapse

That is fine for your personal projects. It stops being fine as soon as you need to hire extra people and grow the team.

inzen@lemmy.world on 24 Mar 07:33 next collapse

Why though?

Tempy@programming.dev on 24 Mar 09:28 collapse

Does it, if you can work on the normal application code, there’s no reason you can’t work on the lower levels of applications. It’s all just code. Ramp up might take a bit more time, but I wouldn’t expect horrendously so. As long as your patterns make sense and what is there is written well enough and is not a spaghetti monster in the making, any one should be able to pick it up.

[deleted] on 24 Mar 04:28 collapse

FizzyOrange@programming.dev on 23 Mar 22:55 next collapse

ORMs are a pain and so is hand rolling SQL queries and doing the mapping manually.

I definitely think there’s scope for NoSQL databases where the database “shape” matches the normal struct style of programming languages. Kind of like how JSON does and XML doesn’t.

But it seems like all we got was MongoDB and Firebase which are both shit.

Are there any good NoSQL databases? MongoDB and Firebase don’t even have schemas.

moonpiedumplings@programming.dev on 23 Mar 22:57 next collapse

Postgres jsonb?

Maestro@fedia.io on 23 Mar 23:37 next collapse

The real problem is that most data is inherently relational, and trying to force it into a document database is just as problematic as ORMs are.

MirrorGiraffe@piefed.social on 24 Mar 06:00 collapse

Mongoose solves the schema part, or typegoose is you want it to generate types on the go as well.

My problem with mongo is that I always end up realising the advantages of SQL down the line, but I guess many of those projects wouldn’t have gotten that far without mongo being so damn nice in the beginning.

hperrin@lemmy.ca on 23 Mar 23:14 next collapse

I’m starting to think more that I shouldn’t call my library, Numph.js, an ORM. It technically is one, but it’s very different than other ORMs. A lot of the stuff he’s talking about here doesn’t apply to Nymph (for better or for worse). I just don’t know what to call it though.

BrianTheeBiscuiteer@lemmy.world on 23 Mar 23:32 next collapse

I love asking new hires about ORMs. If they don’t have anything bad to say about them I know they’ve never used them.

eager_eagle@lemmy.world on 24 Mar 00:47 next collapse

I’ve never worked on a codebase where using ORMs wasn’t better than rolling your own queries. What are people writing that they actually need the marginal performance gains? And even if that’s worth it, why not just use raw queries in your critical paths?

Every time I have to write or modify raw SQL it feels like I’m throwing away all my static checking features and increasing the chance of bugs, because I have no idea of the query matches my schema or if it’ll blow up at runtime.

SorteKanin@feddit.dk on 24 Mar 05:14 next collapse

Your last paragraph can be fixed even without an ORM though. Rust has libraries like diesel and sqlx that verify the sql in various ways.

criss_cross@lemmy.world on 24 Mar 09:55 collapse

I worked in a codebase at a FAANG company that didn’t have an ORM and it was the most miserable thing to write and code review. Constantly there would be bugs in queries and types. I missed having an ORM so much.

Ephera@lemmy.ml on 24 Mar 07:08 collapse

Yeah, this is one of those issues that I feel separates the seniors from the, uh, less experienced seniors. (Let’s be real, as a junior, you know jackshit about this.)

Knowing when to use an ORM, when to use SQL vs. NoSQL, all of that is stuff you basically only learn through experience. And experience means building multiple larger applications with different database technologies, bringing them into production and seeing them evolve over time.

It takes multiple years to do that for one application, so you need a decade or more experience to be able to have somewhat of an opinion.
And of course, it is all too easy to never explore outside of your pond, to always have similar problems to solve, where an SQL database does the job well enough, so a decade of experience is not a guarantee of anything either…