• akash_rawal@lemmy.world
    11 months ago

    I actually like this. This would allow reuse of all the infrastructure we have around XML. No more SQL injection and dealing with query parameters? Sign me up!

      • akash_rawal@lemmy.world
        11 months ago

        Better than parameterized queries. Yes, we have stuff like query("INSERT INTO table(status, name) VALUES ($1, $2);").bind(ent.status).bind(ent.name).execute..., but that’s kind of awful, isn’t it? With XML queries, we could use any of the XML libraries we have to create and manipulate XML queries without risking ‘XML injection’. E.g. we could convert ordinary structs/classes into column values automatically without having to use any ORM.
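
The idea in the comment above, as an added example that is not part of the original thread: a struct is turned into column values by building an XML tree with a library, next to the same query assembled by string formatting. The `<insert>`/`<column>` layout, the `Ent` class, the `users` table and the helper names are hypothetical; the thread does not define an XML query format.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, fields


@dataclass
class Ent:
    # Hypothetical struct mirroring ent.status / ent.name from the comment.
    status: str
    name: str


def insert_query_xml(table: str, row) -> str:
    """Build the (hypothetical) insert query as a tree; the serializer escapes values."""
    root = ET.Element("insert", {"table": table})
    for f in fields(row):
        col = ET.SubElement(root, "column", {"name": f.name})
        col.text = str(getattr(row, f.name))  # stays character data, never markup
    return ET.tostring(root, encoding="unicode")


def insert_query_concat(table: str, row) -> str:
    """Contrast case: the same format assembled with string formatting."""
    cols = "".join(
        f'<column name="{f.name}">{getattr(row, f.name)}</column>'
        for f in fields(row)
    )
    return f'<insert table="{table}">{cols}</insert>'


def columns(xml_text: str) -> dict:
    """What the receiving parser sees: column name -> value."""
    root = ET.fromstring(xml_text)
    return {c.get("name"): c.text for c in root.findall("column")}


# Constructed input: a name value that contains markup for an extra column.
HOSTILE = Ent(status="active", name='x</column><column name="is_admin">true')

if __name__ == "__main__":
    print(columns(insert_query_xml("users", HOSTILE)))     # two columns, name intact
    print(columns(insert_query_concat("users", HOSTILE)))  # a third column appears
```

The protection comes from going through the library's serializer; templating the XML as text brings the injection problem back in a different syntax.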