[erlang-questions] ErlSQL: easy expression and generation of SQL statements in Erlang

Yariv Sadan yarivvv@REDACTED
Sun Sep 17 14:17:00 CEST 2006


On 9/17/06, Vlad Dumitrescu <vladdu55@REDACTED> wrote:
> Hi,
>
> > I created a small library, called ErlSQL, for expressing and generating
> > SQL statements in Erlang. ErlSQL makes it easy to dynamically generate
> > SQL-injection free statements from Erlang.
>
> It looks cool, but feels like it could need some polishing.
>
> For example, why
>
> {delete,project,{a,'=',5}} ->
>   "DELETE FROM project WHERE (a = 5)"
>
> and not
>
> {delete,project,{where, {a,'=',5}}} ->
>   "DELETE FROM project WHERE (a = 5)"
>
> making it consistent with
>
> {select,{foo,as,bar},{from,{baz,as,blub}}} ->
>   "SELECT foo AS bar FROM baz AS blub"

Good point. I will make this change.

>
> Also, it feels like it's just sql with some {} added here and there...
> I mean that if I have to know the exact syntax of the sql statement,
> then I can just as well compose it directly. Building sql statements
> should be done only from the db layer, so regular application
> developers will be insulated from it anyway.

It depends on your purpose. Although some SQL statements can be
constructed automatically in ErlyDB by making certain assumptions
about the user's intentions, there are always cases where users need
more manual control. Making ErlSQL look like SQL was necessary to make
it easy to learn and to make it extensible to cover more of the SQL
language. The 'ideal' scenario would be for Erlang developers to never
have to construct SQL statements from strings directly because ErlSQL
statements are easier to build dynamically in Erlang and because they
are much more resistant to SQL injection attacks.

I see ErlSQL as a middle layer between ErlyDB and the database driver.
You will find it helpful in scenarios that ErlyDB can't handle very
well, yet it will give you a higher level of abstraction and a lesser
semantic gap when working with your database driver directly. In fact,
ErlyDB will use ErlSQL to facilitate compatibility with non-SQL drivers
-- esp Mnesia -- without having to parse SQL strings.

It's also convenient to have your IDE indent your statements and
balance all your brackets and parentheses :)


>
> That said, I think it's a good start and it opens interesting possibilities.

Thanks for the feedback! Let me know if you have any other suggestions!

Best,
Yariv
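
[Added example, not part of the original message and not ErlSQL's own code.] A minimal sketch of why a tuple-to-SQL generator resists injection where string concatenation does not, using the statement shapes quoted in the thread. The module name, function names, operator allow-list and the quoting rule (a backend where only the single quote needs doubling) are assumptions made for illustration.

```erlang
%% Added illustration; module and function names are hypothetical, not ErlSQL's API.
-module(sql_tuple_demo).
-export([sql/1, demo/0]).

%% Statement shapes taken from the thread.
sql({delete, Table, {where, Cond}}) ->
    lists:flatten(["DELETE FROM ", ident(Table), " WHERE ", expr(Cond)]);
sql({select, Field, {from, Table}}) ->
    lists:flatten(["SELECT ", aliased(Field), " FROM ", aliased(Table)]).

aliased({Name, as, Alias}) -> [ident(Name), " AS ", ident(Alias)];
aliased(Name) -> ident(Name).

%% Comparison: column, allow-listed operator, value.
expr({Col, Op, Val}) ->
    ["(", ident(Col), " ", op(Op), " ", value(Val), ")"].

op(Op) ->
    case lists:member(Op, ['=', '<>', '<', '>', '<=', '>=']) of
        true -> atom_to_list(Op);
        false -> erlang:error({bad_operator, Op})
    end.

%% Atoms are identifiers: only [A-Za-z_][A-Za-z0-9_]* is ever emitted.
ident(A) when is_atom(A) ->
    S = atom_to_list(A),
    case re:run(S, "^[A-Za-z_][A-Za-z0-9_]*$", [{capture, none}]) of
        match -> S;
        nomatch -> erlang:error({bad_identifier, A})
    end.

%% Integers are emitted as digits; strings and binaries always become
%% quoted literals. Assumption: standard SQL string literals, where only
%% the single quote needs doubling (no backslash escapes).
value(N) when is_integer(N) -> integer_to_list(N);
value(B) when is_binary(B) -> value(binary_to_list(B));
value(S) when is_list(S) -> [$', [quote(C) || C <- S], $'].

quote($') -> "''";
quote(C) when is_integer(C) -> C.

demo() ->
    "DELETE FROM project WHERE (a = 5)" = sql({delete, project, {where, {a, '=', 5}}}),
    "SELECT foo AS bar FROM baz AS blub" = sql({select, {foo, as, bar}, {from, {baz, as, blub}}}),
    %% Constructed hostile input stays inside one string literal.
    "DELETE FROM project WHERE (name = 'x'' OR ''1''=''1')" =
        sql({delete, project, {where, {name, '=', "x' OR '1'='1"}}}),
    ok.
```

Because the caller's data type, not its content, decides whether a term is rendered as an identifier, a number or a quoted literal, user-supplied text can never change the shape of the statement.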


