Hilarious Rant about SQL Injection
My recent article about SQL injection has stirred some serious emotions on JCG. I don't want to keep it from you! An extract: [...] The idea that if I use an ORM, my SQL injection woes will magically go away is f***ing harmful, shortsighted, and anybody who thinks that should be kicked squarely in a sensitive …
When will we have LINQ in Java?
LINQ is one of Microsoft's .NET Framework's most distinct language features. When it was first introduced to languages such as C#, it required heavy changes to the language specification. Yet, this addition was extremely powerful and probably unequalled by other languages / platforms, such as Java, Scala, etc. Granted, Scala has integrated XML in a similar fashion into …
Database Abstraction and SQL Injection
I have subscribed to various user groups of jOOQ's competing database abstraction tools. One of which is ActiveJDBC, a Java implementation of the Active Record design pattern. Its maintainer Igor Polevoy recently claimed that: SQL injection is a web application problem, and not directly related to an ORM. ActiveJDBC will process any SQL that is passed to it. …
NOT IN vs. NOT EXISTS vs. LEFT JOIN / IS NULL: MySQL
When you're spoiled with Oracle's fabulous query transformation capabilities and its really well-done cost-based optimiser, then you might forget how difficult SQL query tuning used to be in the "old days" or with those less sophisticated databases. Here's a really nice explanation of the various means of implementing an ANTI-JOIN in MySQL: http://explainextended.com/2009/09/18/not-in-vs-not-exists-vs-left-join-is-null-mysql/
Open source user rants
So far, I have escaped jOOQ user rants and insults. Maybe it's because jOOQ is still quite a niche product. Maybe it's because jOOQ has almost no bugs ;-) The only real rant I've seen so far is this one by a contributor to JDO, JPA, EJB 3.0: http://erix-data-services.blogspot.ch/2010/10/jooq.html An extract: How should we react …
“NoSQL” should be called “SQL with alternative storage models”
Time and again, you'll find blog posts like this one here telling you the same "truths" about SQL vs. NoSQL: http://onewebsql.com/blog/no-sql-do-i-really-need-it (OneWebSQL being a competitor of jOOQ, see a previous article for a comparison) Usually, those blogs aim for the same arguments being: Performance ("SQL" can "never" scale as much as "NoSQL") ACID (you don't …
Funky String Function Simulation in SQLite
SQLite is so light, it doesn't have any useful string functions. It doesn't have ASCII(), LPAD(), RPAD(), REPEAT(), POSITION(), you name it. It does, however, have a wonderful RANDOMBLOB() function. So if you really need a good random number generator, use a SQLite database and generate a 1GB blob. That should give you a couple …
Array, list, set, map, tuple, record literals in Java
Occasionally, when I'm thrilled by the power and expressiveness of JavaScript, I find myself missing one or two features in the Java world. Apart from lambda expressions / closures or whatever you want to call "anonymous functions", it's the use of advanced literals for common data types, such as arrays, lists, sets, maps, etc. In …
MyBatis’ Wicked Statement Builders
Now here's one of the most wicked APIs I've seen in a while! MyBatis is well-known as a database abstraction framework on top of JDBC, allowing for externalising SQL into files, loading them at appropriate places in your Java code. For those of you who like this approach, you may be used to statements similar …
FOR UPDATE simulation in SQL Server and CUBRID
Pessimistic locking is useful every now and then when you explicitly want to lock a given set of rows for a subsequent UPDATE, or for database-based inter-process synchronisation and locking. Normally, you would use the SQL Standard FOR UPDATE clause, which is supported in most databases. A SQL standard example -- This statement will produce …
