Almost always raw sql. Here's why: - I know exactly what I'm getting. - The query can be run completely independent from my app. - The query can be shared between multiple apps. - I can always find a DBA who can read raw sql. - I never have have to debug an abstraction for corner cases. - Every single advanced feature of my database is supported and works exactly as documented. - If I use a different language on a new project, my SQL knowledge is still valid.
I heard that it would be better to control the security part easily with using ORM while programmers need to think lots of things with the raw SQL for the security.
+1. "- The query can be run completely independent from my app." is what really took the cake for me. It allows for food system abstraction where the database creation and its usage are well separated.
With that said I have now got the task to build a DAL which generates a consistent way of extracting data from 15 tables. Sql-alchemy core has actually helped me a lot creating some of the dynamic parts of the queries.
Most of the tech debt I’ve come across has been caused by orm generated queries. It gets to the point where at scale you just have to use raw sql or you’ll be dealing with contention. Soft deletes, inserts are all a nightmare via ORMs. There are instances where an ORM will come in handy, such as building something quick, but it’s important to know the caveats of doing so; mainly that you’ll be hiring a sql person to refactor your ORM queries as you scale.
Note that, if you use e.g. Mapped[str] = mapped_column(...) - the nullability is also derived from the Mapped type. Mapped[str] would be NOT NULL in your cases, and you need either Mapped[Optional[str]] or Mapped[str | None] to allow NULL (or I believe set nullable=True explicitly)
Really great topic! I have experimented with ORMs but I just keep going back to raw SQL. I know exactly what's going on in my queries, I can get really nitty-gritty with optimizations, and it works with any language. It certainly can get rocky "manually" handling the mapping between python objects and their representations in a database, but there's no perfect solution for that I guess.
I'm in the raw SQL camp. Only one feature makes me doubt it sometimes: Data validation that can be built into the ORM through pydantic. If not for that, I wouldn't quite see the point in abstracting away the SQL.
Subscribed for the smoke-signal, sign-language, and Binary Clown-based SQL queries. glad I finally found a channel paying attention to the bleeding edge of clownbit accessibility 🙏
I'm a data cientist and I use raw SQL. Now I am writing a internet app for my wife's company and deciding which approach I must use. And with your video I decided: raw SQL. ORM can't use all the potencials that a SGDB could give. Thanks for the video.
I've only ever used an ORM when I first started out writing c# with entity framework. It was really good to be honest, but I moved to nodejs and for whatever reason I decided to go raw SQL and honestly haven't noticed any productivity loss. Thinking in SQL is actually very easy. It's algebraic after all.
I've always preferred the raw SQL. I need to know it anyway, to find my way through the database, review and validate the data, etc. My approach, most of the time, is to design and test the SQL on its own, in a SQL editor. After that I integrate it in the client code, with the confidence that the SQL works.
Unless you know SQL well, using the other two would be a mistake. But to be honest, ORM is something you'll regret down the road when you scale. Raw SQL is what I recommend, it'll scale well and it's something you need to learn anyway.
I use raw SQL as functions with typed obj params. Using some custom helper functions, the SQL is compiled and executed. I dont use ORMs or "?" args though since I find them unreliable.
The main problem with ORM is when you fall into the trap of stopping to think about and harness the power of the relational database model. You limit your possibilities and don't even notice. And I'm not talking about complicated queries here. Eg. with an ORM you can easily load big, deeply nested data from the DB into an Object. This is nice but can produce dramatic performance issues. This is not hypothetical. Been there, done that, didn't like the t-shirt.
A lot of people assume that the sole purpose of an ORM is to provide an abstraction over SQL. But the important thing about an ORM is that it maps result sets into objects. ORMs often (always?) do provide that abstraction layer over SQL but where we're often dealing with APIs that are expected to return result sets in JSON, it's the object mapping that's their most important function. Some ORMs take that "Object Mapping" idea a little to literally and only map data into "strict OOP" objects with some kind of class definition but often all we actually need is for the result set to be returned in a collection of nested dictionaries.
Yes this is correct. The main benefit is mapping them to objects. The full on builder pattern stuff for sql really comes into play in a massive project and large databases with complicated relations. For the most part you only need a micro ORM
@@lawrencedoliveiro9104 just wait til you’re writing queries that require data from 5+ tables, complex triggers, very specific repetitive logic, etc. SQLAlchemy 2.0’s ORM module is amazing 😊
8:02 DBMSes themselves usually provide some kind of introspection facilities, though this varies a lot. For example, SQLite provides enough information that you should be able to programmatically derive the entire database schema without having to parse actual SQL, while MySQL/MariaDB is a bit more limited. The question is: do ORMs make use of this? Doesn’t seem like it.
I almost always use raw SQL. And when I do, I use the Jetbrains IDE, such as Pycharm Professional (not community version). It has such great support for database which amongst other things: 1) SQL syntax highlighting and SQL code completion from within the .py file 2) Ability to run SQL query from any SQL text string in the .py file directly to the query console 3) Provide ability to jump to SQL table or views definitions from python code... I do love VS Code. But as much as I love VS code, when it comes to any Python code that I need to use raw SQL, Jetbrains IDEs just blows VS Code out of the water. But of course, the con is it is not free :-)
DataGrip... The only good thing that I could say about it... It's JetBrains - it looks like JetBrains, integrates with JetBrains - that's all. It's laggy, underperforming, full of bugs (it cannot even parse Sql Server structure properly). Putting it behind a pay wall is a big "no no" for me. Dbeaver community is free and does its job far more better...
While I like ORMs because they get you going fast on projects when you aren’t really interested in how the underlying queries are written / work, I’m in the camp of using raw sql and the native drivers for the languages I use (Java, Python or TS). It’s great because you can continuously practice your sql skills while writing app code, you can get full control over the sql and functionality and you can optimize right within the implementation. Plus writing sql is fun.
Would be interested in a part 2 where you give your thoughts on which to use given the application use case. My understanding is an ORM can help with a multi-user application like a Web frontend, where throttling to the DB might be necessary. In either event, it seems you need to know the SQL query you need (obviously) so would be a stretch to go above and beyond unless for performance or security. Thank you!
I prefer raw queries. They allow for better optimization, and the SQL engine you use is far less likely to change than the programming language you access it from. ORMs kinda bear additional overhead in that you need to define your schema twice(in you mappers and in your migration scripts), while the other two only need it defined in one place. Also, no matter which you pick you're still learning and executing all of the same SQL concepts. I've kinda landed in the camp that the only scenarios in which an ORM is being used effectively are also scenarios where you don't actually need an ORM.
I use raw sql statements because my ide connects to my database and gives me auto completion on sql statements anyways. Although, always having to convert lists of tuples into something usable is a bit of a pain.
Excellent content as always. Worth mentioning that ORMs might perform worse in some cases. And it's still very important to know SQL because you know.... Sometimes the abstraction magic doesn't work and you gotta look under the hood.
The some is a bad choice of word. The absolute majority of anything beyond the absolute basics is what my experience tells me. I've lost count of the times I've replaced ORM code with a few well reasoned lines of SQL and improved performance by 3 orders of magnitude.
@@magfal yup, the more abstraction an ORM has, then anything more complex than basic CRUD gets absurdly complex if not plain simply impossible... luckily there are workarounds like using custom native SQL then just mapping the results, but then you have a mix of structured and freetext anyway...
Definitely at least know how to use Raw SQL if needed. As a Database Admin I can say, there are times when the generated SQL from any option other than RAW is less than optimal. One thing i do is look for SQL statements that use a ton of resources and suggest ways to make them better. An example i had a few years ago, the sql sent to the database by some auto generated tool was 7 pages printed out. I printed the SQL and used a pen and highlighter and rewrote the SQL to 3 pages. The one i wrote ran in about 1 second, the one the app sent ran for 2+ hours. I gave the developer the new sql statement and he was confused as to how to fix his application. Eventually we found another developer to help him fix it. This kind of thing happens on large complex systems all the time. Its nit really an issue with small simple queries but at least know how to do this, you never know when it may be needed.
I am trying to learn sqlalchemy but that's really hard. Hey I just found out about something called codon. You could do a video on that, the differences and the multithreading. That looks dope. Love your content!!!
I guess what I'm curious about is what is the right way to persist Python objects to DB so that your applications state is sensibly captured? And then on the flip-side, how should application objects stored in DB be sensibly retrieved?
Hi Arjan, about a year ago I was learning SQL with PostgreSQL and eventually MySQL. My first programming language was SQL before jumping onto python. My SQL is a bit rusty now I am learning Django's ORM and I must say personally I prefer raw SQL versus the ORM. The ORM doesn't feel as powerful as SQL from MySQL or POSTGRESQL. Now the question is, how can I use a SQL database on my Django project versus using an ORM? I would prefer to open up the MySQL and creating the database, tables and rows myself versus using an ORM for my project, but I haven't figured it out yet. Thanks for the video.
Hey Arjan, I started learning programing with Python, curently I work as SQL Developer and more spesificaly Transact-SQL (Microsoft SQL Server). I loved the power of ORM when I was learing to code with Python and Django. However now after I worked for so long with raw SQL I can honestly say there are some stuff that the database does that ORM can't, for example, reating indexes, stored procedures, optimising execuition palans and so on. Overall I believe even with ORM you can leverage it even more when you give a go learing sql database and how it work. Thanks for the video it was really cool to see.
Given that I mainly inquire about metadata related topics such as listing views, tables, columns, and data types using various database providers (both cloud-based and on-premises), what would be the optimal choice for me (if it even makes any difference)?
Can you do sql Injection with the case you shown at the beginning? I think sqlite3 supports one operation per cursor execution. I don’t see how you can do sql injection in that query.
@@oprea1991 If the code was running in sql -> and the limit value given by the user was say "10;drop table users;" it would run the sql query generated and then run the second query
I love taking a break, watching your channel and reading the comments. I think my brain grows every time.😂. I really like the implicit handling of transactions using ORM with SQLAlchemy. I think it just makes the code cleaner when working with tables that are unlikely to change. But when doing machine learning or exploratory data analysis the flexibility of SQL would certainly be the way to go.
Arjan, you could have demonstrated the built in SQLalchemy query language, using native python syntax to filter, group and so on to demonstrate that you don't have to learn sql at all. I think i the biggest strength of SQLAlchemy similiar to hibernate/nhibernate in java/C#
Hi Arjan thx for fine video. SQLAlchemy has architecture is onion layered, so you can use Query Builder in sqlalchemy it is called Core. I usually use it with custom python slot-ed dataclasses. I like the core does not change so often as ORM layer and provides: - query flexibility (you can always fall back to text query) - good protection against vulnerabilities - tables definition and create_all metadata ( DataDefinitionLanguage )
12:50 I deal with that in one of two ways: * For some projects, there will be a schema file containing the requisite CREATE TABLE statements, included in the source tree and version-controlled along with everything else. * For other projects, particularly ones using SQLite, the program itself will automatically create the necessary tables each time it is asked to create a new database, so the CREATE TABLE statements will be in the program source code.
I'd definitely stick with an ORM. For databases which are changing in the development phase you can use mirroring to have the ORM pull it's shape directly from the tables it's accessing. Also, if you do run into a very tricky corner case where you need to construct a raw SQL query you can send that with the ORM, or you could create a view in the database itself and point the ORM at that.
@@sachinfulsunge9977when you use an ORM, you know how you have to specify the tables and the columns you have in your database? Well ORMs can do that for you - they look at the database and create classes that “mirror” the tables and columns. I don’t know about SQLAlchemy, but if you ever use Prisma, then you would run: prisma db pull (You may need to add “npx” or whatever package manager you’re using before the command)
I like Sqlalchemy as it gives you ORM and Core so you can choose to do SQL with Core if you need it for something more complex than is practical with the ORM.
The fancier of a helper layer you use, like an ORM being fancier than query builder, the greater the risk that some security or other lacking feature bites you in the future. I see many older code bases having trouble due to unsupported or difficult to upgrade helper layers.
if you are new learn SQL skip the BS of ORM the only safe way i find ORM is for basic queries that don't join , if you start putting queries in for loop in your application its time to learn proper sql or just skip the BS and learn SQL
30 years of writing SQL. An ORM such as sqlalchemy gives you the ability to compose SQL in parts. I usually write the sql and then build the sqlalchemy. This is not really 'object relational mapping' but more of an abstraction. A lot of the time my query is using the metadata and does not even have a class for the table.
Most ORMs are limited by supporting multiple databases since it forces usage of the lowest common denominator. In the case of postgres that means you leave 80% of the potential behind.
@@robertmazurowski5974 if you ingest a list of customer or a list of products it's a bulk action. Accepting an Excel through a web interface, validating and importing from it is a good user experience for some people.
As a data analytics engineer, I personally use raw SQL most often to keep queries portable between apps and people, and to make optimization easier. Something which always bothers me: SQL is great, but it's sometimes not as testable as something like PySpark Dataframe API or functions built on ORM. There is value in specifying a query plan in chunks that may be isolated and re-used...though it doesn't always work out as nicely. SQL tends to demand more integration testing, which is fine too.
Isn’t the primary use case for ORMs is that you develop an OOP app, and the ORM can load and save your object’s state to the database and vice versa, so that you don’t have to write the mappings manually?
Have you measured this? FWIW, the OS is VERY good at caching recently opened files, and it's not as if you're having to wait for spinning disks anymore. So the overhead is really fractional, when compared to the time taken in the SQL layer anyway.
I often use a hybrid of ORM and raw SQL: Some more complex parts of a query I might write as raw SQL, then pass them into the ORM alongside more standard things like selecting normal columns and making reasonably simple joins. I do sometimes use the SQLAlchemy `with_hint` method to force certain indexes to be used. One very important thing to note about SQLAlchemy is that it has a `Core` and an `ORM` - I know SQLAlchemy 2.0 changes some of this up, but we are still on 1.x. The `Core` side compiles statements, executes them and returns simple tuples of the raw data. The `ORM` side can allow you to fetch an entire row of the table, loaded as a Python Class, meaning you can have your own custom methods defined on that class for calculated properties used later, or for common functions to update fields on the row all at once. The ORM query can be much bigger (it will fetch all fields on a table), but can be powerful if you want are try to be Object-Oriented - you effectively treat each row of a table as an Object. Though, again, for many situations where speed of queries is important, you often just want to load the limited data you need and keep it quick. (That said, SQLAlchemy have 'Bundles' which allow you to subclass the main Class for a Table and limit down the columns loaded - SOOOO helpful for speeding up some of my queries loading a half-dozen columns of a 30+ column table) The SQL Injection protection is massive for a webapp if we are using customer input in the query (especially searches!) and resorting to raw SQL, even in part, needs that little more careful attention to prevent possibilities.
I am not really experienced with this stuff, can I ask you for a bit more detail? Wouldn't that make things just a bit more confusing overall rather than just using one method? Or is this for a particular use case? Trying to decide what I should go for for my first web app. Also I am probably going to be using Django's ORM if I do, as I will use it as a framework, so if you have any thoughts on that too that'd be great. Thanks :)
What is lost is the use of SQLite itself. For other DBMSs, they provide a driver which is usually a dynamic C library. This library may be written differently depending on the different standards for defining APIs or it may be a custom API for the database itself, such as ODBC, etc. Eventually, this API can be used with a protocol, for example, when connecting to a certain database, you need to send this URL and the username and password. But for SQLite, interestingly, the driver itself is part of the database
Please talk about stored procedures. For mature schemas that contain deeply derived tables, I believe SPs to be arguably the best option for secure, efficient & idempotent inserts/updates.
Why I prefer raw sql over ORM's is because the things you learn from raw sql can translate over quite easily to other sql type languages. Whereas, with ORM's, going from one ORM to another is not as simple. This is even more of an issue if you work with multiple programming languages on the backend as they will have their own ORM's you need to learn as well. Raw SQL does not have this issue. Other advantages are sometimes the queries it generates are not the most efficient. Even some of the methods you use don't do what you expect them to. Prisma was one that messed me up. ORM's may also not have all the features that the sql language provides due to its complexity, maturity in the ecosystem or simply because the feature itself is very new and not yet supported.
Great video! Another point to touch on are database migrations. With SQLAlchemy you can use Alembic to auto-generate your migration files based on your Python DB models. It's not perfect, but it does 90% of the job. With Raw SQL or SQL query builder you have to write migrations by hand. Would you still use Alembic to manage these migrations or something else?
A really nice feature I've seen experienced teams develop on top of ORM is some way to automate writing (or refreshing) those data classes by pre-reading tables in the database once. Seems like a natural addition to an ORM library.
I prefer to work directly with raw SQL defined in files. This way is independent of language, gives more flexibility to tuning queries, and everyone can read and understand queries without learning a new framework,
There is a point with ORM I really don't like is that most of them are following the Active Record pattern. That is to say it couples data to model (most of the projects I've seen, ORM classes became domain models, and that's a pain). Raw SQL or query builders allow much more decoupling. Note that SQLAlchemy can work as an Active Record, a Data Mapper and a Query Builder!
@@manuelstausberg8923 Active Record is also known as "anemic domain model antipattern". It is ok to use it when business logic is simple, when all you have to perform with your model are CRUD operations. When the business logic begins to be complex, uncoupling the models from the data is essential.
Exactly, if you like the repository pattern, you can use it. by the way AR pattern is not that bad. someone saying it is a antipattern they are just plain wrong
Cursor creation and extraction of results is such a common pattern that I like to wrap it up in a generator function, e.g. def db_iter(conn, cmd, values = None, mapfn = lambda x : x) : for item in conn.cursor().execute(cmd, values) : yield mapfn(item) ♯end for ♯end db_iter What is the point of the mapfn arg? When returning a given list of field_names, you can turn the result into a dict with something as simple as mapfn = lambda row : dict(zip(field_names, row))
4:16 Fun fact: the awkward “PostgreSQL” name arises from the fact that the original Postgres DBMS had its own query language, called QUEL. This was in the early days of relational DBMSes, when SQL was still gathering momentum but hadn’t quite become totally dominant yet. So when they finally gave in and adopted SQL as a query language, they had to indicate this by grafting this new thing on the end of their name, with slightly unfortunate results.
My database is using SQL, so I'm using SQL when talking to it. I've too often been in a situation where I knew exactly what to do in SQL, but the dumb, annoying, stupid, broken, limited or otherwise deficient query builder or ORM prevented me in doing what I wanted. i have a colleague who absolutely love these query crutches and his code is always more lines of code, it can't executed outside the program for debugging and sometimes it's actually complicated to see what the thing is doing. I hate it so much. For the love of all that is good and holy, please, please use SQL when you're talking to a SQL server.
Raw SQL. I have over 35 years experience. There are lots of reasons why ORM and builders are bad. I'll enumerate a few. * Readability * Context * Transactional control * Concurrency control ORM and builders might be good for CRUD or reporting, but for serious coding they're a liability.
I would be interested in your views on if and when to move these kind of queries to stored procs and just use procs instead. I understand there are benefits to that, but I'm not sure what the downsides might be beyond having an extra place that you need to keep track of changes to your logic when iterating on a particular feature.
ORM, fallback on (own) queryBuilder, fallback on plain SQL. ORM is IMO more to let the "next guy" working on the entity - so he|she does not have to care what the tbl name is, or w/e. Also: ORM should have ::getData(string key = null) and ::setData(mixed key, mixed value = null) to be able to use new columns that are not implemented yet.
Your raw SQL had a LEFT join, but it looked like in SQLAlchemy you just used .join - are these the same? Or is that specific to the setup of your model classes?
I think ORM's are better choice, I like the part where I can see what's going on with my dB and how it is structured. I do can get irritated when I want to change the structure of the tables or database I have created dynamic system in Python which generates with generates schema and alters the schema automatically instead of hard punching them in the program
I have odd issue, in my application one of procedure purpose will return data from previous record. This procedure never had any issues running on windows xp and sql 2000 server. But same procedure running on windows 10 and sql 2014 returns null character intermittently even though the previous record has valid data. Any suggestions how to identify the root for this issue? Tools,method, etc?
Yeah. Objects are often in some hierarchy relationship, either through inheritance or composition. Relational databases are arranged in a tabular relationship. I heard somewhere this tabular structure was designed to deal with the slowness inherent in searching slowness on magnetic disks. The keys are used internally by the database engine to jump to the right sector ...
The concept of relational databases arose from the mathematics of data relations. Remember what came before: there “hierarchical” databases (e.g. IBM’s IMS) and “network” databases, a.k.a. the CODASYL model (which some are now trying to revive in the form of “graph” databases). Both of these were very much tied up with on-disk structures and explicit indexing and linking and all the rest of it. So any changes to your database structures, even just wanting to optimize things a little, required changes to your code. Relational databases abstracted away from all these implementation issues, and helped a lot with decoupling code from low-level on-disk structures.
Just wanted to put it out there that there is a standard language: ANSI SQL, and most databases try to implement as close to it as possible. It is true there are dialects, but these days the differences are more in the functions and features the DB offers. Except in the case of TransactSQL, that is a 🗑️ dialect 😂
What's the best for building a database that constantly has new columns being added to some of the tables? I currently have a flimsy solution that's driving me maaaaaad
Ideally you should design the database so that the columns don't have to change that often. If that's not possible, you could look into a NoSQL database as that puts less constraints on the structure of your data.
5:05 If it was a “%d” format specifier and you used printf-style formatting, then it cannot be substituted with anything other than a decimal integer. Problem solved.
Thanks Arjan, interesting video, as always. A question: do these options make any difference in terms of trying to set up and maintain a "clean architecture" for an application? From reading online, I got the idea that ORMs can help you interface between inner layers, which handle business logic, from outer level "details" like the specific database you use. But, watching your video, I wonder if you can't also do that decoupling with raw SQL or query builders. Maybe using raw SQL makes changes to the DBMS more cumbersome to manage? But, at the same time, if you are at an early phase in your project, and your database data models are still not stable, does ORM actually help? It seems like ORMs help you decouple from the DBMS, but actually increase coupling to how relations are defined inside the database... Does that make any sense? Anyway, excuse me for the digression, and thanks again.
If we use pandas or polar with SQL db with a custom context manager... Then pd.read_sql(), df.to_sql() .. Does this simpler way... Sql is not that simple way to do complex queries, when pandas do nested filtering with simple pipe method after using pd.read_sql()
ORM has much more features than shown. It's like comparing Django, FastAPI and build-in HTTPServer. All will handle requests, but you need to spend weeks to understand what the trade-offs between them are. Same with ORM. Control is always the price you pay when picking an abstraction, but we should be fully aware what the get instead. My default is ORM and if I need control or optimization, I drop raw SQL here and there.
It’s personal preference. I prefer writing SQL. Well, I do SQL for 25 years, so it’s muscle memory for me. But I do understand people who prefer ORMs. In big projects I use stored procedures, materialized views, etc. I recently learned that some people think this is bad practice. Well, in the end, a software must do it’s job and the customer must be satisfied.
Can you make a video on how you work around your own database migration. I mean orm like sqlalchemy there is alwmbic but what if I'm using a query builder how will you do that please make a video on it
If there are multiple dataset that needs to be merged (which is often the case since you use relational tables to optimise a database), I always stick with Raw SQL. I also find time zone manipulation a huge pain in any scripting language whilst in SQL it typically a 1 line change.
The problem I've seen with ORMs is that developers get a bit lazy, and/or don't know exactly what some database accesses are doing, and end up writing code that completely mullers the database performance, like by triggering complete table scans multiple times, or just pulling in giant tables entirely when all they needed were a few rows and columns. And then they go "we need a faster database engine and/or more processing power", which is especially frustrating when the old code they are "modernizing" was lightnig fast. I've seen some experimental projects where you can write some kind of orm/api/stored-proc interface, where you don't define a mapping to tables directly, but to these stored procs which are custom to exactly what the programmer wants to query. But I don't think any of those ever got off the ground.
Raw SQL is great. Query builders are okay. ORMs are okay if they're stable and have broad community support, and let you drop down to raw SQL. Just don't build your own ORM, if you do I'll hunt you down and show you all the sql injection bugs I'm currently fixing in my company's in-house ORM. You'll have nightmares for months.
👷 Join the FREE Code Diagnosis Workshop to help you review code more effectively using my 3-Factor Diagnosis Framework: www.arjancodes.com/diagnosis
I'm a data engineer. I almost always use raw sql because I can more explicitly optimize queries
Incroyable.
Same, for my de work, it's better to write it once and use it multiple times with better efficiency for specific job
DS/DA same
I don’t even optimise the queries. I can just run them in my head faster.
Data Scientist here,
Same I Prefer to use raw sql.
I find Case statements within a window statement to be extremely useful
Almost always raw sql. Here's why:
- I know exactly what I'm getting.
- The query can be run completely independent from my app.
- The query can be shared between multiple apps.
- I can always find a DBA who can read raw sql.
- I never have have to debug an abstraction for corner cases.
- Every single advanced feature of my database is supported and works exactly as documented.
- If I use a different language on a new project, my SQL knowledge is still valid.
Amen. Also, if you're using a language with compile time code execution there might be libraries available that check that your SQL code is valid
Another thing is, there are no language-independent ORMs. I do some stuff in PHP also, so I have to learn SQL anyway, I might as well do it properly.
Just noobs curious, don't you worry about a security such as a SQL injection?
I heard that it would be better to control the security part easily with using ORM while programmers need to think lots of things with the raw SQL for the security.
+1.
"- The query can be run completely independent from my app." is what really took the cake for me. It allows for food system abstraction where the database creation and its usage are well separated.
My databases are typically complex. Never found abstractions around the SQL helped me. Just going raw SQL
With that said I have now got the task to build a DAL which generates a consistent way of extracting data from 15 tables. Sql-alchemy core has actually helped me a lot creating some of the dynamic parts of the queries.
Most of the tech debt I’ve come across has been caused by orm generated queries. It gets to the point where at scale you just have to use raw sql or you’ll be dealing with contention. Soft deletes, inserts are all a nightmare via ORMs. There are instances where an ORM will come in handy, such as building something quick, but it’s important to know the caveats of doing so; mainly that you’ll be hiring a sql person to refactor your ORM queries as you scale.
I like SQLalchemy, but I think raw SQL is a very useful skill to master, it is been around for ages and it will be around in the future as well.
Thanks for the video Arjan! It's always advisable to close the connection when you're finished querying.
Note that, if you use e.g. Mapped[str] = mapped_column(...) - the nullability is also derived from the Mapped type. Mapped[str] would be NOT NULL in your cases, and you need either Mapped[Optional[str]] or Mapped[str | None] to allow NULL (or I believe set nullable=True explicitly)
Really great topic! I have experimented with ORMs but I just keep going back to raw SQL. I know exactly what's going on in my queries, I can get really nitty-gritty with optimizations, and it works with any language. It certainly can get rocky "manually" handling the mapping between python objects and their representations in a database, but there's no perfect solution for that I guess.
Honestly using pandas "pd.read_sql_query()" function will give you a lovely dataframe while still allowing you to write raw queries.
I'm in the raw SQL camp. Only one feature makes me doubt it sometimes: Data validation that can be built into the ORM through pydantic. If not for that, I wouldn't quite see the point in abstracting away the SQL.
Subscribed for the smoke-signal, sign-language, and Binary Clown-based SQL queries. glad I finally found a channel paying attention to the bleeding edge of clownbit accessibility 🙏
Thank you!
I'm a data cientist and I use raw SQL. Now I am writing a internet app for my wife's company and deciding which approach I must use. And with your video I decided: raw SQL. ORM can't use all the potencials that a SGDB could give. Thanks for the video.
I've only ever used an ORM when I first started out writing c# with entity framework. It was really good to be honest, but I moved to nodejs and for whatever reason I decided to go raw SQL and honestly haven't noticed any productivity loss. Thinking in SQL is actually very easy. It's algebraic after all.
I've always preferred the raw SQL. I need to know it anyway, to find my way through the database, review and validate the data, etc. My approach, most of the time, is to design and test the SQL on its own, in a SQL editor. After that I integrate it in the client code, with the confidence that the SQL works.
Unless you know SQL well, using the other two would be a mistake. But to be honest, ORM is something you'll regret down the road when you scale. Raw SQL is what I recommend, it'll scale well and it's something you need to learn anyway.
I use raw SQL as functions with typed obj params. Using some custom helper functions, the SQL is compiled and executed.
I dont use ORMs or "?" args though since I find them unreliable.
The main problem with ORM is when you fall into the trap of stopping to think about and harness the power of the relational database model. You limit your possibilities and don't even notice. And I'm not talking about complicated queries here. Eg. with an ORM you can easily load big, deeply nested data from the DB into an Object. This is nice but can produce dramatic performance issues. This is not hypothetical. Been there, done that, didn't like the t-shirt.
A lot of people assume that the sole purpose of an ORM is to provide an abstraction over SQL. But the important thing about an ORM is that it maps result sets into objects. ORMs often (always?) do provide that abstraction layer over SQL but where we're often dealing with APIs that are expected to return result sets in JSON, it's the object mapping that's their most important function. Some ORMs take that "Object Mapping" idea a little to literally and only map data into "strict OOP" objects with some kind of class definition but often all we actually need is for the result set to be returned in a collection of nested dictionaries.
Have a look at SQLModel from FastAPI creator Sebastián Ramírez.
ORMs don’t make any sense to me. The code doesn’t end up any simpler.
Yes this is correct. The main benefit is mapping them to objects. The full on builder pattern stuff for sql really comes into play in a massive project and large databases with complicated relations. For the most part you only need a micro ORM
@@lawrencedoliveiro9104 xD
@@lawrencedoliveiro9104 just wait til you’re writing queries that require data from 5+ tables, complex triggers, very specific repetitive logic, etc.
SQLAlchemy 2.0’s ORM module is amazing 😊
I always prefer to use raw SQL, and I have been doing SQL for 30-plus years.
8:02 DBMSes themselves usually provide some kind of introspection facilities, though this varies a lot. For example, SQLite provides enough information that you should be able to programmatically derive the entire database schema without having to parse actual SQL, while MySQL/MariaDB is a bit more limited.
The question is: do ORMs make use of this? Doesn’t seem like it.
I almost always use raw SQL. And when I do, I use the Jetbrains IDE, such as Pycharm Professional (not community version). It has such great support for database which amongst other things:
1) SQL syntax highlighting and SQL code completion from within the .py file
2) Ability to run SQL query from any SQL text string in the .py file directly to the query console
3) Provide ability to jump to SQL table or views definitions from python code...
I do love VS Code. But as much as I love VS code, when it comes to any Python code that I need to use raw SQL, Jetbrains IDEs just blows VS Code out of the water.
But of course, the con is it is not free :-)
DataGrip... The only good thing that I could say about it... It's JetBrains - it looks like JetBrains, integrates with JetBrains - that's all. It's laggy, underperforming, full of bugs (it cannot even parse Sql Server structure properly). Putting it behind a pay wall is a big "no no" for me. Dbeaver community is free and does its job far more better...
Awesome video, as always but more I lean Python more I Like R functional way to work with data. I use raw SQL always.
While I like ORMs because they get you going fast on projects when you aren’t really interested in how the underlying queries are written / work, I’m in the camp of using raw sql and the native drivers for the languages I use (Java, Python or TS). It’s great because you can continuously practice your sql skills while writing app code, you can get full control over the sql and functionality and you can optimize right within the implementation.
Plus writing sql is fun.
Would be interested in a part 2 where you give your thoughts on which to use given the application use case. My understanding is an ORM can help with a multi-user application like a Web frontend, where throttling to the DB might be necessary.
In either event, it seems you need to know the SQL query you need (obviously) so would be a stretch to go above and beyond unless for performance or security.
Thank you!
Curious to know from those using ORMs if mapped columns are common
You can add --sql in start line and vscode will be show pretty sql query
I prefer raw queries. They allow for better optimization, and the SQL engine you use is far less likely to change than the programming language you access it from.
ORMs kinda bear additional overhead in that you need to define your schema twice(in you mappers and in your migration scripts), while the other two only need it defined in one place.
Also, no matter which you pick you're still learning and executing all of the same SQL concepts. I've kinda landed in the camp that the only scenarios in which an ORM is being used effectively are also scenarios where you don't actually need an ORM.
I use raw sql statements because my ide connects to my database and gives me auto completion on sql statements anyways.
Although, always having to convert lists of tuples into something usable is a bit of a pain.
raw SQL is my personal favorite
Excellent content as always. Worth mentioning that ORMs might perform worse in some cases. And it's still very important to know SQL because you know.... Sometimes the abstraction magic doesn't work and you gotta look under the hood.
The some is a bad choice of word. The absolute majority of anything beyond the absolute basics is what my experience tells me.
I've lost count of the times I've replaced ORM code with a few well reasoned lines of SQL and improved performance by 3 orders of magnitude.
@@magfal yup, the more abstraction an ORM has, then anything more complex than basic CRUD gets absurdly complex if not plain simply impossible... luckily there are workarounds like using custom native SQL then just mapping the results, but then you have a mix of structured and freetext anyway...
@@zoladkow dapper is the least shitty application layer integration of an SQL server I've used.
Definitely at least know how to use Raw SQL if needed. As a Database Admin I can say, there are times when the generated SQL from any option other than RAW is less than optimal. One thing i do is look for SQL statements that use a ton of resources and suggest ways to make them better. An example i had a few years ago, the sql sent to the database by some auto generated tool was 7 pages printed out. I printed the SQL and used a pen and highlighter and rewrote the SQL to 3 pages. The one i wrote ran in about 1 second, the one the app sent ran for 2+ hours. I gave the developer the new sql statement and he was confused as to how to fix his application. Eventually we found another developer to help him fix it. This kind of thing happens on large complex systems all the time. Its nit really an issue with small simple queries but at least know how to do this, you never know when it may be needed.
I am trying to learn sqlalchemy but that's really hard. Hey I just found out about something called codon. You could do a video on that, the differences and the multithreading. That looks dope. Love your content!!!
I guess what I'm curious about is what is the right way to persist Python objects to DB so that your applications state is sensibly captured? And then on the flip-side, how should application objects stored in DB be sensibly retrieved?
Hi Arjan, about a year ago I was learning SQL with PostgreSQL and eventually MySQL. My first programming language was SQL before jumping onto python. My SQL is a bit rusty now I am learning Django's ORM and I must say personally I prefer raw SQL versus the ORM. The ORM doesn't feel as powerful as SQL from MySQL or POSTGRESQL. Now the question is, how can I use a SQL database on my Django project versus using an ORM? I would prefer to open up the MySQL and creating the database, tables and rows myself versus using an ORM for my project, but I haven't figured it out yet. Thanks for the video.
Can you use SQL analytical functions with ORM?
Hey Arjan, I started learning programing with Python, curently I work as SQL Developer and more spesificaly Transact-SQL (Microsoft SQL Server). I loved the power of ORM when I was learing to code with Python and Django. However now after I worked for so long with raw SQL I can honestly say there are some stuff that the database does that ORM can't, for example, reating indexes, stored procedures, optimising execuition palans and so on. Overall I believe even with ORM you can leverage it even more when you give a go learing sql database and how it work. Thanks for the video it was really cool to see.
I dont know about the rest but you are able to manage indexes in orm
@@dawidp749 indeed you can. Why argument was that SQL and DB administration is a good skill to have.
Hi, Arjan. Nice video. I have a suggestion for an another video: SQL and NoSQL comparison. Think about this. Thank you.
I don’t think there’s such a thing as “NoSQL” any more. Even the non-relational DBMSes are adopting forms of SQL for their query languages.
NoSql are dead, use memcached to cache, redis for pub/sub or queue... Put everything else in a table, inside a sql db
Given that I mainly inquire about metadata related topics such as listing views, tables, columns, and data types using various database providers (both cloud-based and on-premises), what would be the optimal choice for me (if it even makes any difference)?
Can you speak to the advantages and disadvantages between data mapper pattern vs active record?
Great content Arjan and team! Can you make something for DynamoDB? Do you recommend any libraries for that?
raw sql and prepared statements
Can you do sql Injection with the case you shown at the beginning? I think sqlite3 supports one operation per cursor execution. I don’t see how you can do sql injection in that query.
People seem to be very afraid of the various forms of injection attacks. In fact, they are quite easy to avoid.
@@lawrencedoliveiro9104 and yet I constantly see SQL injection project code.
@@NathanHedglin So do I ... mainly in PHP code.
For the sql string in the video, I do no see how you can insert sql injection. It will just crash.
@@oprea1991 If the code was running in sql -> and the limit value given by the user was say "10;drop table users;" it would run the sql query generated and then run the second query
I love taking a break, watching your channel and reading the comments. I think my brain grows every time.😂. I really like the implicit handling of transactions using ORM with SQLAlchemy. I think it just makes the code cleaner when working with tables that are unlikely to change. But when doing machine learning or exploratory data analysis the flexibility of SQL would certainly be the way to go.
Arjan, you could have demonstrated the built in SQLalchemy query language, using native python syntax to filter, group and so on to demonstrate that you don't have to learn sql at all. I think i the biggest strength of SQLAlchemy similiar to hibernate/nhibernate in java/C#
Hi Arjan thx for fine video.
SQLAlchemy has architecture is onion layered, so you can use Query Builder in sqlalchemy it is called Core. I usually use it with custom python slot-ed dataclasses.
I like the core does not change so often as ORM layer and provides:
- query flexibility (you can always fall back to text query)
- good protection against vulnerabilities
- tables definition and create_all metadata ( DataDefinitionLanguage )
Yeah was about to comment this, we use the core (or sql expression as we call it) and its a nice middleground.
12:50 I deal with that in one of two ways:
* For some projects, there will be a schema file containing the requisite CREATE TABLE statements, included in the source tree and version-controlled along with everything else.
* For other projects, particularly ones using SQLite, the program itself will automatically create the necessary tables each time it is asked to create a new database, so the CREATE TABLE statements will be in the program source code.
I've been struggling with this dilemma for quite some time now. Glad you made a video about it !
Glad it was helpful!
I'd definitely stick with an ORM. For databases which are changing in the development phase you can use mirroring to have the ORM pull it's shape directly from the tables it's accessing.
Also, if you do run into a very tricky corner case where you need to construct a raw SQL query you can send that with the ORM, or you could create a view in the database itself and point the ORM at that.
Can you explain to me what mirroring is and how we achieve it in sqlalchemy ?
@@sachinfulsunge9977when you use an ORM, you know how you have to specify the tables and the columns you have in your database? Well ORMs can do that for you - they look at the database and create classes that “mirror” the tables and columns.
I don’t know about SQLAlchemy, but if you ever use Prisma, then you would run:
prisma db pull
(You may need to add “npx” or whatever package manager you’re using before the command)
I like Sqlalchemy as it gives you ORM and Core so you can choose to do SQL with Core if you need it for something more complex than is practical with the ORM.
Hi Arjan can you please share the code repository link along with Database download link. Thanks
Thanks for noticing! I'll add them in the description.
The fancier of a helper layer you use, like an ORM being fancier than query builder, the greater the risk that some security or other lacking feature bites you in the future. I see many older code bases having trouble due to unsupported or difficult to upgrade helper layers.
if you are new learn SQL skip the BS of ORM the only safe way i find ORM is for basic queries that don't join , if you start putting queries in for loop in your application its time to learn proper sql or just skip the BS and learn SQL
Didn't think the code using SQLAlchemy would look so ugly. I've been using Peewee, and the code is usually clear and concise.
Once you enter a project that uses ORM, you realize you have entered hell.
30 years of writing SQL. An ORM such as sqlalchemy gives you the ability to compose SQL in parts. I usually write the sql and then build the sqlalchemy. This is not really 'object relational mapping' but more of an abstraction. A lot of the time my query is using the metadata and does not even have a class for the table.
Most ORMs are limited by supporting multiple databases since it forces usage of the lowest common denominator. In the case of postgres that means you leave 80% of the potential behind.
But for writing quick Crud it is fine.
@@robertmazurowski5974 even then I wouldn't use it for bulk actions such as importing 1000s of rows at the same time.
@@magfal if your a data analysts don't use ORM. What web app would do 1000s of rows?
@@robertmazurowski5974 if you ingest a list of customer or a list of products it's a bulk action.
Accepting an Excel through a web interface, validating and importing from it is a good user experience for some people.
Isn't support for migrations also an advantage for ORMs? (Never had to deal with them before, so just wondering)
Yeah there are alternatives to that too. ORMs are nice because everything just works together.
As a data analytics engineer, I personally use raw SQL most often to keep queries portable between apps and people, and to make optimization easier.
Something which always bothers me: SQL is great, but it's sometimes not as testable as something like PySpark Dataframe API or functions built on ORM. There is value in specifying a query plan in chunks that may be isolated and re-used...though it doesn't always work out as nicely. SQL tends to demand more integration testing, which is fine too.
Isn’t the primary use case for ORMs is that you develop an OOP app, and the ORM can load and save your object’s state to the database and vice versa, so that you don’t have to write the mappings manually?
6:16 Just a note that splitting things out into separate files will slow down loading, compared to having it all in the same file.
Have you measured this?
FWIW, the OS is VERY good at caching recently opened files, and it's not as if you're having to wait for spinning disks anymore. So the overhead is really fractional, when compared to the time taken in the SQL layer anyway.
Even better is to create views and functions in sql database.
useful..thanks
I often use a hybrid of ORM and raw SQL:
Some more complex parts of a query I might write as raw SQL, then pass them into the ORM alongside more standard things like selecting normal columns and making reasonably simple joins.
I do sometimes use the SQLAlchemy `with_hint` method to force certain indexes to be used.
One very important thing to note about SQLAlchemy is that it has a `Core` and an `ORM` - I know SQLAlchemy 2.0 changes some of this up, but we are still on 1.x.
The `Core` side compiles statements, executes them and returns simple tuples of the raw data.
The `ORM` side can allow you to fetch an entire row of the table, loaded as a Python Class, meaning you can have your own custom methods defined on that class for calculated properties used later, or for common functions to update fields on the row all at once.
The ORM query can be much bigger (it will fetch all fields on a table), but can be powerful if you want are try to be Object-Oriented - you effectively treat each row of a table as an Object. Though, again, for many situations where speed of queries is important, you often just want to load the limited data you need and keep it quick.
(That said, SQLAlchemy have 'Bundles' which allow you to subclass the main Class for a Table and limit down the columns loaded - SOOOO helpful for speeding up some of my queries loading a half-dozen columns of a 30+ column table)
The SQL Injection protection is massive for a webapp if we are using customer input in the query (especially searches!) and resorting to raw SQL, even in part, needs that little more careful attention to prevent possibilities.
I am not really experienced with this stuff, can I ask you for a bit more detail? Wouldn't that make things just a bit more confusing overall rather than just using one method? Or is this for a particular use case? Trying to decide what I should go for for my first web app. Also I am probably going to be using Django's ORM if I do, as I will use it as a framework, so if you have any thoughts on that too that'd be great. Thanks :)
What is lost is the use of SQLite itself. For other DBMSs, they provide a driver which is usually a dynamic C library. This library may be written differently depending on the different standards for defining APIs or it may be a custom API for the database itself, such as ODBC, etc. Eventually, this API can be used with a protocol, for example, when connecting to a certain database, you need to send this URL and the username and password.
But for SQLite, interestingly, the driver itself is part of the database
I don't know much about SQL, but I think you have a misconception about how SQLite works.
Please talk about stored procedures. For mature schemas that contain deeply derived tables, I believe SPs to be arguably the best option for secure, efficient & idempotent inserts/updates.
Why I prefer raw sql over ORM's is because the things you learn from raw sql can translate over quite easily to other sql type languages. Whereas, with ORM's, going from one ORM to another is not as simple. This is even more of an issue if you work with multiple programming languages on the backend as they will have their own ORM's you need to learn as well. Raw SQL does not have this issue.
Other advantages are sometimes the queries it generates are not the most efficient. Even some of the methods you use don't do what you expect them to. Prisma was one that messed me up.
ORM's may also not have all the features that the sql language provides due to its complexity, maturity in the ecosystem or simply because the feature itself is very new and not yet supported.
Great video! Another point to touch on are database migrations. With SQLAlchemy you can use Alembic to auto-generate your migration files based on your Python DB models. It's not perfect, but it does 90% of the job. With Raw SQL or SQL query builder you have to write migrations by hand. Would you still use Alembic to manage these migrations or something else?
You could have AI write the migration these days.
A really nice feature I've seen experienced teams develop on top of ORM is some way to automate writing (or refreshing) those data classes by pre-reading tables in the database once. Seems like a natural addition to an ORM library.
I prefer to work directly with raw SQL defined in files. This way is independent of language, gives more flexibility to tuning queries, and everyone can read and understand queries without learning a new framework,
There is a point with ORM I really don't like is that most of them are following the Active Record pattern. That is to say it couples data to model (most of the projects I've seen, ORM classes became domain models, and that's a pain). Raw SQL or query builders allow much more decoupling.
Note that SQLAlchemy can work as an Active Record, a Data Mapper and a Query Builder!
Could you explain why the Active Record Pattern is bad / what pains you had with it?
@@manuelstausberg8923 Active Record is also known as "anemic domain model antipattern". It is ok to use it when business logic is simple, when all you have to perform with your model are CRUD operations. When the business logic begins to be complex, uncoupling the models from the data is essential.
Exactly, if you like the repository pattern, you can use it. by the way AR pattern is not that bad. someone saying it is a antipattern they are just plain wrong
Cursor creation and extraction of results is such a common pattern that I like to wrap it up in a generator function, e.g.
def db_iter(conn, cmd, values = None, mapfn = lambda x : x) :
for item in conn.cursor().execute(cmd, values) :
yield mapfn(item)
♯end for
♯end db_iter
What is the point of the mapfn arg? When returning a given list of field_names, you can turn the result into a dict with something as simple as
mapfn = lambda row : dict(zip(field_names, row))
4:16 Fun fact: the awkward “PostgreSQL” name arises from the fact that the original Postgres DBMS had its own query language, called QUEL. This was in the early days of relational DBMSes, when SQL was still gathering momentum but hadn’t quite become totally dominant yet.
So when they finally gave in and adopted SQL as a query language, they had to indicate this by grafting this new thing on the end of their name, with slightly unfortunate results.
Eh that’s half right. They were called Ingres, and when they adopted SQL were born anew called themselves Postgres.
I don't understand difference between:
id:int = Column(Integer(), primary_key=True, nullable=False)
id:Mapped[int] = mapped_column(Integer(), primary_key=True, nullable=False)
chatgpt is vague here. Anyone?
Raw SQL is my current choice
My database is using SQL, so I'm using SQL when talking to it. I've too often been in a situation where I knew exactly what to do in SQL, but the dumb, annoying, stupid, broken, limited or otherwise deficient query builder or ORM prevented me in doing what I wanted.
i have a colleague who absolutely love these query crutches and his code is always more lines of code, it can't executed outside the program for debugging and sometimes it's actually complicated to see what the thing is doing. I hate it so much.
For the love of all that is good and holy, please, please use SQL when you're talking to a SQL server.
I was looking for a query builder and your video helped a lot in giving me a solution. Thank you.
Glad it was helpful!
Raw SQL. I have over 35 years experience. There are lots of reasons why ORM and builders are bad. I'll enumerate a few.
* Readability
* Context
* Transactional control
* Concurrency control
ORM and builders might be good for CRUD or reporting, but for serious coding they're a liability.
Raw SQL, ORM are amazing if your DB is simple, whenever you need to delegate processing to sql engines I will always use Raw SQL
I prefer ORM for simple CRUD and raw SQL for more complex things.
I would be interested in your views on if and when to move these kind of queries to stored procs and just use procs instead. I understand there are benefits to that, but I'm not sure what the downsides might be beyond having an extra place that you need to keep track of changes to your logic when iterating on a particular feature.
ORM, fallback on (own) queryBuilder, fallback on plain SQL.
ORM is IMO more to let the "next guy" working on the entity - so he|she does not have to care what the tbl name is, or w/e.
Also: ORM should have ::getData(string key = null) and ::setData(mixed key, mixed value = null) to be able to use new columns that are not implemented yet.
Your raw SQL had a LEFT join, but it looked like in SQLAlchemy you just used .join - are these the same? Or is that specific to the setup of your model classes?
Great video :) as always
Thanks!
If you’re using raw sql, please use DBT!
I think ORM's are better choice, I like the part where I can see what's going on with my dB and how it is structured.
I do can get irritated when I want to change the structure of the tables or database
I have created dynamic system in Python which generates with generates schema and alters the schema automatically instead of hard punching them in the program
I have odd issue, in my application one of procedure purpose will return data from previous record. This procedure never had any issues running on windows xp and sql 2000 server. But same procedure running on windows 10 and sql 2014 returns null character intermittently even though the previous record has valid data.
Any suggestions how to identify the root for this issue? Tools,method, etc?
Love the channel Arjan! So grateful for your content! keep going!
Nice video. Can you one day talk about Object-relational impedance mismatch?
Yeah. Objects are often in some hierarchy relationship, either through inheritance or composition. Relational databases are arranged in a tabular relationship.
I heard somewhere this tabular structure was designed to deal with the slowness inherent in searching slowness on magnetic disks. The keys are used internally by the database engine to jump to the right sector ...
The concept of relational databases arose from the mathematics of data relations. Remember what came before: there “hierarchical” databases (e.g. IBM’s IMS) and “network” databases, a.k.a. the CODASYL model (which some are now trying to revive in the form of “graph” databases). Both of these were very much tied up with on-disk structures and explicit indexing and linking and all the rest of it. So any changes to your database structures, even just wanting to optimize things a little, required changes to your code.
Relational databases abstracted away from all these implementation issues, and helped a lot with decoupling code from low-level on-disk structures.
Just wanted to put it out there that there is a standard language: ANSI SQL, and most databases try to implement as close to it as possible. It is true there are dialects, but these days the differences are more in the functions and features the DB offers.
Except in the case of TransactSQL, that is a 🗑️ dialect 😂
Good point!
What's the best for building a database that constantly has new columns being added to some of the tables?
I currently have a flimsy solution that's driving me maaaaaad
Ideally you should design the database so that the columns don't have to change that often. If that's not possible, you could look into a NoSQL database as that puts less constraints on the structure of your data.
@ArjanCodes hmmm. You're not the 1st to suggest the Nosql route. I guess I'm just hesitant of the learning curve, but it has to be done. Thank you
5:05 If it was a “%d” format specifier and you used printf-style formatting, then it cannot be substituted with anything other than a decimal integer. Problem solved.
Thanks Arjan, interesting video, as always. A question: do these options make any difference in terms of trying to set up and maintain a "clean architecture" for an application? From reading online, I got the idea that ORMs can help you interface between inner layers, which handle business logic, from outer level "details" like the specific database you use. But, watching your video, I wonder if you can't also do that decoupling with raw SQL or query builders. Maybe using raw SQL makes changes to the DBMS more cumbersome to manage? But, at the same time, if you are at an early phase in your project, and your database data models are still not stable, does ORM actually help? It seems like ORMs help you decouple from the DBMS, but actually increase coupling to how relations are defined inside the database... Does that make any sense? Anyway, excuse me for the digression, and thanks again.
If we use pandas or polar
with SQL db
with a custom context manager... Then pd.read_sql(), df.to_sql() .. Does this simpler way... Sql is not that simple way to do complex queries, when pandas do nested filtering with simple pipe method after using pd.read_sql()
ORM has much more features than shown. It's like comparing Django, FastAPI and build-in HTTPServer. All will handle requests, but you need to spend weeks to understand what the trade-offs between them are. Same with ORM. Control is always the price you pay when picking an abstraction, but we should be fully aware what the get instead.
My default is ORM and if I need control or optimization, I drop raw SQL here and there.
It’s personal preference. I prefer writing SQL. Well, I do SQL for 25 years, so it’s muscle memory for me.
But I do understand people who prefer ORMs. In big projects I use stored procedures, materialized views, etc. I recently learned that some people think this is bad practice.
Well, in the end, a software must do it’s job and the customer must be satisfied.
Thank you! I was just learning sql and getting in sql alchemy and was wondering this!
Great to hear!
Can you make a video on how you work around your own database migration. I mean orm like sqlalchemy there is alwmbic but what if I'm using a query builder how will you do that please make a video on it
Noted!
If there are multiple dataset that needs to be merged (which is often the case since you use relational tables to optimise a database), I always stick with Raw SQL. I also find time zone manipulation a huge pain in any scripting language whilst in SQL it typically a 1 line change.
for freelances, ORM would be a way to go because raw sql needs more codes.
Migration is important for me. With Django it is included, and for sqlalchemy you can use alembic. Therefore I would use ORM for sure.
The problem I've seen with ORMs is that developers get a bit lazy, and/or don't know exactly what some database accesses are doing, and end up writing code that completely mullers the database performance, like by triggering complete table scans multiple times, or just pulling in giant tables entirely when all they needed were a few rows and columns.
And then they go "we need a faster database engine and/or more processing power", which is especially frustrating when the old code they are "modernizing" was lightnig fast.
I've seen some experimental projects where you can write some kind of orm/api/stored-proc interface, where you don't define a mapping to tables directly, but to these stored procs which are custom to exactly what the programmer wants to query. But I don't think any of those ever got off the ground.
Raw SQL is great. Query builders are okay. ORMs are okay if they're stable and have broad community support, and let you drop down to raw SQL. Just don't build your own ORM, if you do I'll hunt you down and show you all the sql injection bugs I'm currently fixing in my company's in-house ORM. You'll have nightmares for months.