
Database ORM

Open drsounds opened this issue 6 months ago • 4 comments

I am astonished by both Encore and leap.new, and feel amazed it is a child born out of Spotify.

However, it feels strange this framework incorporated raw SQL statements in its backend code, when ORM abstraction layers are standard for all modern web frameworks these days. It feels weird that a blazing new framework from the mid-2020s is still using outdated patterns such as SQL statements in code. Or have I missed something?

drsounds avatar May 31 '25 16:05 drsounds

An ORM in some projects can really feel like an unnecessary abstraction.

I think it's completely fair to allow raw SQL queries, because sometimes the thing you're trying to achieve exceeds the ORM's capabilities, so you use a raw SQL query for that, and that shouldn't be considered an antipattern or wrong. It is well known that complex projects use raw queries too.

Another point in favor of allowing raw queries is that you can migrate legacy code to a more modern approach (in terms of architecture).

luisnquin avatar May 31 '25 17:05 luisnquin

Yes, I get your point, but hope there are strong safeguards against SQL injections.

drsounds avatar May 31 '25 17:05 drsounds

The Encore runtime passes values as parameters to the database engine, which handles the sanitization. That’s why SQL injection isn’t possible, even with raw SQL. But if you concatenate client input directly into the SQL string, that protection can be bypassed.

luisnquin avatar Jun 01 '25 17:06 luisnquin
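
The difference described in the comment above, as an added example that is not part of the original thread and is not Encore's code. The `sql` tag, `concatenated` and `valueInSqlText` are hypothetical helpers, and the input string is constructed; the block only builds statements and never touches a database.

```javascript
// Hypothetical stand-in for a tagged-template query helper (assumption, not
// Encore's implementation). The literal SQL pieces and the interpolated values
// arrive separately, so each value becomes a bind parameter ($1, $2, ...).
function sql(strings, ...values) {
  let text = strings[0];
  values.forEach((_, i) => {
    text += `$${i + 1}` + strings[i + 1];
  });
  return { text, params: values };
}

// Anti-pattern: client input is spliced into the SQL text itself, so the
// database parses it as part of the statement.
function concatenated(name) {
  return {
    text: "SELECT id FROM users WHERE name = '" + name + "'",
    params: [],
  };
}

// Review/test helper: true when a client-supplied value appears in the SQL text.
function valueInSqlText(stmt, value) {
  return stmt.text.includes(String(value));
}

// Constructed sample input containing SQL metacharacters.
const input = "x' OR '1'='1";

const safe = sql`SELECT id FROM users WHERE name = ${input}`;
const unsafe = concatenated(input);

console.log(safe);   // text has only the $1 placeholder; input travels in params
console.log(unsafe); // input has changed the WHERE clause; params is empty
console.log(valueInSqlText(safe, input), valueInSqlText(unsafe, input));
```

A check like `valueInSqlText` can run in unit tests over query-building code to catch concatenation before it ships.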

ORM - Memory and processor resources are always necessary for each transaction. I know what you heard about "heavy" requests - models of relationships make them very HEAVY ) Just IMHO. We have this problem in projects, and to resolve it, we use native requests of the SQL strings ... I think that is not the core part, but it can be useful as an additional plugin.

Valexr avatar Jun 02 '25 07:06 Valexr