My recent article about SQL injection has stirred some serious emotions on JCG. I don't want to keep it from you! An extract: [...] The idea that if I use an ORM, my SQL injection woes will magically go away is f***ing harmful, shortsighted, and anybody who thinks that should be kicked squarely in a sensitive … Continue reading Hilarious Rant about SQL Injection
LINQ is one of the most distinctive language features of Microsoft's .NET Framework. When it was first introduced to languages such as C#, it required heavy changes to the language specification. Yet, this addition was extremely powerful and probably unequalled by other languages / platforms, such as Java, Scala, etc. Granted, Scala has integrated XML in a similar fashion into … Continue reading When will we have LINQ in Java?
I have subscribed to various user groups of jOOQ's competing database abstraction tools. One of which is ActiveJDBC, a Java implementation of the Active Record design pattern. Its maintainer Igor Polevoy recently claimed that: SQL injection is a web application problem, and not directly related to an ORM. ActiveJDBC will process any SQL that is passed to it. … Continue reading Database Abstraction and SQL Injection
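The point under dispute is easy to demonstrate: an abstraction layer that forwards whatever SQL fragment it is handed cannot protect a caller who builds that fragment by concatenation. The following example is added here and is not code from the article, from ActiveJDBC or from jOOQ; it uses Python's standard sqlite3 module on an in-memory database with constructed sample rows, and contrasts a concatenated WHERE clause (the kind a caller might hand to any ORM that accepts raw SQL) with a bound parameter.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SEED_ROWS = [
    ("alice", "alice@example.com", 1),
    ("bob", "bob@example.com", 0),
    ("carol", "carol@example.com", 0),
]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def where_concat(name):
    """Build a predicate by string concatenation. This is the hypothetical
    'raw SQL fragment' a caller might pass to an ORM that forwards any SQL
    it is given; the ORM never sees a boundary between code and data."""
    return "name = '" + name + "'"


def find_vulnerable(conn, name):
    """Look up a user with the concatenated predicate (injectable)."""
    sql = "SELECT name, email FROM users WHERE " + where_concat(name)
    return conn.execute(sql).fetchall()


def find_safe(conn, name):
    """Look up a user with a bound parameter: the driver ships the value
    separately from the statement text, so quotes in it are just data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Two classic payloads; a tautology that widens the WHERE clause, and a
# UNION that pulls a column the query was never meant to expose.
TAUTOLOGY = "x' OR '1'='1"
UNION_LEAK = "x' UNION SELECT name, is_admin FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("legit, concat :", find_vulnerable(db, "alice"))
    print("attack, concat:", find_vulnerable(db, TAUTOLOGY))
    print("leak, concat  :", find_vulnerable(db, UNION_LEAK))
    print("attack, bound :", find_safe(db, TAUTOLOGY))
```

With the tautology the concatenated version returns every row and the UNION variant returns the is_admin flags; the parameterised version returns nothing for either payload because the whole string is compared literally against the name column.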
When you're spoiled with Oracle's fabulous query transformation capabilities and its really well-done cost-based optimiser, then you might forget how difficult SQL query tuning used to be in the "old days" or with those less sophisticated databases. Here's a really nice explanation of the various means of implementing an ANTI-JOIN in MySQL: http://explainextended.com/2009/09/18/not-in-vs-not-exists-vs-left-join-is-null-mysql/
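The three anti-join spellings compared in that article are not interchangeable: NOT IN follows three-valued logic, so a single NULL in the subquery makes the whole predicate unknown and the query returns no rows at all, while NOT EXISTS and LEFT JOIN ... IS NULL are unaffected. The example below is added here and is not from the linked article; it uses Python's sqlite3 module (SQLite rather than MySQL, but the NULL semantics are standard SQL) on constructed customers/orders tables, with one order deliberately lacking a customer.

```python
import sqlite3

# Constructed sample data (not from the linked article). Order 12 has a NULL
# customer_id, which is exactly what trips up NOT IN.
CUSTOMERS = [(1, "alice"), (2, "bob"), (3, "carol")]
ORDERS = [(10, 1), (11, 1), (12, None)]


def make_db():
    """In-memory SQLite database with customers and orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO orders VALUES (?, ?)", ORDERS)
    conn.commit()
    return conn


# Four ways of asking "which customers have no orders?"
NOT_IN = """
SELECT c.name FROM customers c
WHERE c.id NOT IN (SELECT o.customer_id FROM orders o)
ORDER BY c.name"""

# Same as NOT_IN, but the NULL is filtered out of the subquery first.
NOT_IN_FIXED = """
SELECT c.name FROM customers c
WHERE c.id NOT IN (SELECT o.customer_id FROM orders o
                   WHERE o.customer_id IS NOT NULL)
ORDER BY c.name"""

NOT_EXISTS = """
SELECT c.name FROM customers c
WHERE NOT EXISTS (SELECT 1 FROM orders o WHERE o.customer_id = c.id)
ORDER BY c.name"""

LEFT_JOIN_IS_NULL = """
SELECT c.name FROM customers c
LEFT JOIN orders o ON o.customer_id = c.id
WHERE o.id IS NULL
ORDER BY c.name"""


def names(conn, sql):
    """Run an anti-join query and return the customer names it yields."""
    return [row[0] for row in conn.execute(sql)]


def anti_join_results(conn):
    """Evaluate all four spellings so the difference is visible side by side."""
    return {
        "not_in": names(conn, NOT_IN),
        "not_in_fixed": names(conn, NOT_IN_FIXED),
        "not_exists": names(conn, NOT_EXISTS),
        "left_join_is_null": names(conn, LEFT_JOIN_IS_NULL),
    }


if __name__ == "__main__":
    for label, result in anti_join_results(make_db()).items():
        print(f"{label:18s} -> {result}")
```

Expect the plain NOT IN to come back empty: for bob, `2 NOT IN (1, 1, NULL)` evaluates to NULL, not TRUE, so he is filtered out even though he has no orders. The other three all return bob and carol. Whichever form the optimiser likes best on your database, the NULL behaviour is the first thing to check before switching between them.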
So far, I have escaped jOOQ user rants and insults. Maybe it's because jOOQ is still quite a niche product. Maybe it's because jOOQ has almost no bugs ;-) The only real rant I've seen so far is this one by a contributor to JDO, JPA, EJB 3.0: http://erix-data-services.blogspot.ch/2010/10/jooq.html An extract: How should we react … Continue reading Open source user rants
Time and again, you'll find blog posts like this one here telling you the same "truths" about SQL vs. NoSQL: http://onewebsql.com/blog/no-sql-do-i-really-need-it (OneWebSQL being a competitor of jOOQ, see a previous article for a comparison) Usually, those blogs reach for the same arguments: Performance ("SQL" can "never" scale as much as "NoSQL") ACID (you don't … Continue reading "NoSQL" should be called "SQL with alternative storage models"
SQLite is so light, it doesn't have any useful string functions. It doesn't have ASCII(), LPAD(), RPAD(), REPEAT(), POSITION(), you name it. It does, however, have a wonderful RANDOMBLOB() function. So if you really need a good random number generator, use a SQLite database and generate a 1GB blob. That should give you a couple … Continue reading Funky String Function Simulation in SQLite