These are the slides of the talk "MoSQL: More than SQL, but Less than ORM", given at PyCon APAC 2013. They introduce MoSQL after v0.6.
About MoSQL:
MoSQL is a Python library that lets you use common Python data structures to build SQL.
http://mosql.mosky.tw/
21. Hard to Use
SELECT * FROM article LIMIT 1;
add ORDER BY created?
add OFFSET 10?
22. Hard to Use
SELECT * FROM article LIMIT 1;
add ORDER BY created?
add OFFSET 10?
add GROUP BY author?
23. Hard to Use
SELECT * FROM article LIMIT 1;
add ORDER BY created?
add OFFSET 10?
add GROUP BY author?
UPDATE article WHERE title='SQL'
SET title='ORM'?
31. May Be Injected
'WHERE ' + ' AND '.join(
    "%s = '%s'" % (k, v) for k, v in inputs
)
Cracker can inject from value
32. May Be Injected
'WHERE ' + ' AND '.join(
    "%s = '%s'" % (k, v) for k, v in inputs
)
Cracker can inject from value
or identifier, actually.
33. May Be Injected
'WHERE ' + ' AND '.join(
    "%s = '%s'" % (k, v) for k, v in inputs
)
Cracker can inject from value
or identifier, actually.
DON'T copy the code here!
42. Easy to Use
mosky = Person('mosky', 'Mosky Liu')
session.add(mosky)
43. Easy to Use
mosky = Person('mosky', 'Mosky Liu')
session.add(mosky)
for person in session.query(Person).all():
    print(person.name, person.person_id)
44. Easy to Use
mosky = Person('mosky', 'Mosky Liu')
session.add(mosky)
for person in session.query(Person).all():
    print(person.name, person.person_id)
Let you forget the ugly SQL so far.
82. Join is also available
select(
'person',
{'person_id': 'mosky'},
joins=left_join('detail',using=('person_id',))
)
83. Join is also available
select(
'person',
{'person_id': 'mosky'},
joins=left_join('detail',using=('person_id',))
)
-> SELECT * FROM "person" LEFT JOIN "detail" USING
("person_id") WHERE "person_id" = 'mosky'
96. Security
Security by default.
Use escaping technique.
Prevent SQL injection from both value and
identifier.
Passed the tests from sqlmap at level=5 and
risk=3.
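The injection slides and the Security slide above name two entry points, the value and the identifier. The following is an added example, not code from the talk or from MoSQL: it runs the slides' string-built WHERE clause next to a hardened builder on an in-memory SQLite database. The hardened builder uses bound parameters and a column allow-list rather than MoSQL's escaping; the `person` rows, helper names and hostile inputs are constructed for illustration.

```python
import sqlite3

def unsafe_where(inputs):
    # Pattern from the slides: identifier and value are pasted into the SQL text.
    return 'WHERE ' + ' AND '.join("%s = '%s'" % (k, v) for k, v in inputs)

def quote_identifier(name):
    # Standard SQL quoting: wrap in double quotes and double any embedded one.
    return '"' + name.replace('"', '""') + '"'

def safe_where(inputs, allowed_columns):
    # Identifiers must be known columns; values travel as bound parameters.
    clauses, params = [], []
    for k, v in inputs:
        if k not in allowed_columns:
            raise ValueError('unknown column: %r' % (k,))
        clauses.append('%s = ?' % quote_identifier(k))
        params.append(v)
    return 'WHERE ' + ' AND '.join(clauses), params

def demo():
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE person (person_id TEXT, name TEXT)')
    db.executemany('INSERT INTO person VALUES (?, ?)',
                   [('mosky', 'Mosky Liu'), ('alice', 'Alice Example')])
    columns = {'person_id', 'name'}
    # Constructed hostile inputs: neither should match any row.
    by_value = [('person_id', "x' OR '1'='1")]
    by_identifier = [('1 = 1 OR person_id', 'x')]

    def count(where, params=()):
        return len(db.execute('SELECT * FROM person ' + where, params).fetchall())

    result = {
        'unsafe_value': count(unsafe_where(by_value)),
        'unsafe_identifier': count(unsafe_where(by_identifier)),
        'safe_value': count(*safe_where(by_value, columns)),
    }
    try:
        safe_where(by_identifier, columns)
        result['safe_identifier'] = 'accepted'
    except ValueError:
        result['safe_identifier'] = 'rejected'
    return result

if __name__ == '__main__':
    print(demo())
```

With the string-built clause both inputs return every row in the table; with the hardened builder the value matches nothing and the identifier is refused before any SQL is built.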
97. SQL vs. ORM
               SQL  ORM
Easy-to-Use          V
Secure               V
Easy-to-Learn   V
Fast            V
98. SQL < ______ < ORM
               SQL  ORM
Easy-to-Use          V
Secure               V
Easy-to-Learn   V
Fast            V
99. SQL < MoSQL < ORM
               SQL  MoSQL  ORM
Easy-to-Use           V     V
Secure                V     V
Easy-to-Learn   V     V
Fast            V     V