[HN Gopher] Catching SQL errors at build time
___________________________________________________________________
Catching SQL errors at build time
Author : houqp
Score : 56 points
Date : 2020-01-12 17:19 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| bwblabs wrote:
| Reminds me of the !sql in rust-postgres-macros:
|
| https://github.com/sfackler/rust-postgres-macros#sql
|
| With the difference: it uses the PostgreSQL parser, not a generic
| SQL parser
| vpzom wrote:
| Ooh, that looks nice!
|
| Though it doesn't seem particularly maintained
| DJBunnies wrote:
| Cool and all, but wouldn't one prefer db tests?
| lgeorget wrote:
| Both are useful I'd say. Imagine a plug-in for your IDE that
| performs the static analysis and catches the syntax errors and
| some trivial semantic errors (typos in some field's name for
| instance) each time you save the file. I definitely find value
| in such a tool.
| gwd wrote:
| Why use a typed language like Go at all then?
|
| Types and static compile-time checking catch different types of
| errors than tests do. I don't know about you, but I am not
| smart enough to write bug-free code consistently; I can use as
| much help as I can get.
|
| In any case, it takes quite a bit longer to run my test suite
| than it does to compile.
|
| Unfortunately, I tried to give it a spin, and it said:
| ERROR: sqlvet only supports projects using go modules for now.
|
| Ah well.
| [deleted]
| skinnyarms wrote:
| I love podcasts and I'm glad for any service that helps me find
| useful content. That said, I'm not quite getting how I'm supposed
| to be using this.
|
| From a consumer viewpoint, I have a front page recommending
| episodes and a weekly summary. I get that, cool.
|
| Now if I want to heart episodes to tell other listeners about
| episodes I particularly enjoy...I go to the website and
| search/submit the episode...I guess?
|
| Anyway, I'm interested - I just wanted to share my first
| impression in case it was useful.
| cpach wrote:
| Wrong thread :-p
| contradictioned wrote:
| That reminds me on sqlj https://en.m.wikipedia.org/wiki/SQLJ
|
| I only heard about that in lectures but unfortunately could not
| really use it (sqlj was only compatible with Java pre-generics,
| so that was no option). Nice to see this idea revived.
| mixedCase wrote:
| Interesting. I had been using postguard in Node.js which also
| statically checks queries. But I wonder, how does this linter
| handle conditionally concatenated SQL strings in Go?
| houqp wrote:
| Good question. This is actually pretty straight forward to
| implement and it's on my todo list :) We just need to iterate
| through all phi SSA nodes recursively, see: https://github.com/
| houqp/sqlvet/blob/master/pkg/vet/gosource....
| rossmohax wrote:
| First class support for SQL type checking and domain model
| mapping: https://github.com/nikita-volkov/hasql-th
| sverhagen wrote:
| I can see how something like this is a nice addition to your tool
| set, but you really should have good automated tests at build
| time anyway to catch SQL errors.
| cgh wrote:
| This can even be done locally if your tests start and populate
| an in-memory database like Derby. Before anyone says it, I'm
| not talking about ordinary unit tests, but they can be part of
| the test suite.
| rgharris wrote:
| I agree, end-to-end tests have been really valuable for
| catching SQL issues in my experience.
|
| > _Identify unsafe queries that could potentially lead to SQL
| injections_
|
| This feature seems like a perfect use case for static analysis
| and would be a great tool in addition to automated tests.
| sverhagen wrote:
| And static analysis is not limited to build time so it can
| provide value even earlier.
| pletnes wrote:
| Or later, if your program grows from a small hack to an
| important application.
| taeric wrote:
| With embedded databases, I'm fine of not just checking syntax
| of queries, but the logic that relies on the store.
|
| Not a panacea, but very nice regardless.
| npstr wrote:
| That's why I love using sql query builders on top of code
| generation from the migrations. Helps with writing new, type-safe
| queries and if migrations break the queries, we will know at
| compile time, its truly amazing.
| Pxtl wrote:
| On Microsoft SQL server theres a tool in SQL Server Data Tools
| called "Database Projects". This lets you have the whole database
| schema in a file tree that can be compiled into a binary object
| that the SqlPackage.exe executable can diff or publish migrations
| against a running database.
|
| This provides compile-time analysis of your whole SQL schema.
|
| It's a goddamned buggy disaster and the usability is basically
| zero, but the concept is cool.
___________________________________________________________________
(page generated 2020-01-12 23:00 UTC)