ORMs like almost everything else in SWE they are _tool_. It's not a law or a prescription. It's not mandatory.
ORMs are fine for 99% of cases. When it isn't fine use raw sql, no one is going to mock you, no one is going to jeer at you. Most times ORMs are fine, sometimes they are not.
So basically you end up with two situations:
1. You need to hire engineers with double the expertise (not just a SQL engineer, but a SQL+ORM engineer).
1a. You hire a SQL engineer who now has to learn Yet Another ORM.
2. You hire engineers who only know the ORM but not SQL, and your app ends up having shit performance.
Basically, ORMs are simply complicated SQL generating macro frameworks. They are way too leaky to provide a useful level of abstraction like most programming languages.
LLM coding tools may displace ORMs, because they can take away a lot of the tedium with integrating application SQL, which is what ORMs are supposed to do.
https://dev.to/cies/the-case-against-orms-5bh4
> Most times ORMs are fine, sometimes they are not.
When fine is defined as "improves dev't speed" I think they are not "fine" for any serious (say 100kLOC+ size) project.
> It's not a law or a prescription.
They come with a lot of webFWs, to the point that a lot of web software is built on top of them. These FWs (Django, Rails, Laravel, Symfony, Play, etc.) promote the use of ORMs.
That isn't the point, though. Some people, myself included, find that processing the data in a declarative language directly in the database makes your code simpler and less prone to bugs.
I find that to be insane.
How do you version that code, and how do you reason with the business logic split all over the DB and code?
Not neccesarily. jOOQ[1] and sqlc[2] are great options if you don't like stored procedures, but for a small app or a prototype, just having plain SQL strings in your app is fine.
My point isn't that the code has to be stored in the database, but rather that the processing happens in one place where your data is stored and your middle tier just gets the results. Pure, stateless data. This means you don't have to synchronise shared mutable state between your app and your DB server, cutting out all the headaches of ORMs, such as having to specify your data model in two separate places, n+1 queries, locking, lifecycle management, dirty tracking, eager loading, caching, and optimistic concurrency control. All of this adds to complexity and congnitive load.
SQL also provides a declarative approach to defining your business logic. You define the what, not the how. In addition to greater productivity, the programming model is much simpler because you aren't complecting control flow with data flow. With JSON support in Postgres, your query results don't have to be flat tables either. You can get your data in the exact shape you need.
> How do you version that code
You put it into your VCS. SQL is part of your code base, you can and should version control it just like any Python, Ruby or Java code. When using stored procedures, I recommend putting them in a separate schema, so that the schema can be dropped and recreated in a single transaction during deployment. See [3] for an example of stored procedures under version control.
> how do you reason with the business logic split all over the DB and code
You separate your concerns instead of mixing them. The core business logic is in SQL, with your middle tier doing the plumbing, orchestration of external services and presentation.
We already have an abstraction for interfacing with the DBMS. It’s called SQL, and it works perfectly fine.
It allows for functional programming, as in building queries upon other queries. And predefined filters, easily combining queries, etc. And much more.
Of course you don't need all of that. But in a big project, where you might query some particular tables a lot of the times, and there are common joins you make between tables, then sometimes it is nice to have predefined models and columns and relations, so you need less verbosity when building the queries.
You do of course need to learn a new tool to build queries, but it does pay off in some cases.
ORMs are not an abstraction to interface with the DBMS. They are an abstraction to map the data in your database to objects in your code and vice versa. It's literally in the name.
Feels like a lot of anti-ORM sentiment originates from people who literally don't know what the acronym means.
Maybe that's part of the problem - you're trying to map tabular data in your database to hierarchical data in your programming language.
Of course there's going to be all kinds of pain when pounding square pegs into round holes. Getting a better hammer (i.e. a better ORM) isn't necessarily going to help.
Why would you need to drop the type information when you stop using hierarchical structures for your data?
ORMs let anyone make CRUD apps without needing to worry about that sort of thing. Also helps prevent issues from slipping through on larger teams with more junior developers. Or, frankly, even “senior” developers that don’t really understand web security.
Django is sealing its fate with the opposition to type annotations. I hope sqlc continues to grow on the Python side because it is wonderful in Go.
alembic is also much better than Django's migrations for the ability to expose the tree like structure with operation commands to manage it.
If Django would add some concept of project level migrations I would be much happier. When I build internal software I prefer one app to rule the domains so I have one set of migration history to manage. But everyone leans extra hard into over packaging into Django apps as a mechanism for name spacing domains and then cross app references / foreign keys make long term migration management a giant pain.
The multi “app” structure is confusing as hell to someone who is writing an… app. It reminds me of JBOSS from Java and no one likes JBOSS app servers anymore.
Its one thing I didnt appreciate until I tried fastapi and found it wasn't there.
I’d rather utilize requirements.txt or pyproject.toml to include a library than add an app to my app.
No. I refuse to operate like Wordpress. Glad it’s fine for you but it doesn’t with me for a variety of reasons. The biggest being is now you have multiple apps running in your app so who is to blame when it fails? You? The inner app provider? Django? Accounting? When utilizing libraries, we can utilize testing that can test our code against them either directly or using mocks. Separating ourselves from our dependencies, in case our dependencies change. Django’s model would have you add apps on apps with model definitions spread all over the code base making it near impossible to tell what your schema is…
The JBOSS App Server model is so dead. If I had it my way, Django would be deprecated in favor of FastAPI, Pydantic, and SQLAlchemy.
Can you explain or link to how/where that opposition manifests? This is the first time I am hearing/reading about it.
In writing they are much more diplomatic.
Here is (one of?) the most recent discussion but, again, it's not representative of the past 4 years so please don't read that and think I have drawn the wrong conclusions :) Django is mature and popular enough to be careful with changes like this but compared to the speed the rest of the community packages have embraced type annotations it is time to move. I was not present at DjangoCon US last month and have no clue if things are improving and movement is happening.
https://forum.djangoproject.com/t/revisiting-types-in-django...
I run into this with lots of tools and I just shrug and move on... I've actually never given this a second thought until you pointed out this inconsistency.
The main problem was that the "database" was IBM C-ISAM. Think MySQL MyISAM tables, except don't even dream about SQL, you interact directly with the internal primitives through a C API; when you'r used to SQL it feels like bitbanging in ASM.
The plan:
- Write a Python binding to the C-ISAM library
- Write a subset of the Django ORM from scratch that would use the above behind the scenes; of course it's more limited but whatever's there must behave the same.
- Write any new software using that subset; slowly port over the old code to the new software; of course it can't use _everything_ that one would otherwise use in a normal app; but then again C-ISAM was so constrained that expectations were incredibly limited anyway from the very beginning.
- [much later] pivot! swap out the mock-Django models and drop in the real Django ORM (basically s/from mockdjango import/from django import/g) and hit some mysql/psql/whathaveyou that you've populated with the C-ISAM schema and data
- All the software written is all the merrier and Just Works; the world's your oyster.
This was made possible because the Django ORM is _incredibly simple_: the PoC was done in an afternoon, the hardest part being understanding Python meta classes.
But yes, Django ORM any day... or just no ORM at all.
I strongly dislike this, since you always have to be careful not to make some unwanted change. When checking permissions, you have to check before you modify the object. You can't modify it and then run some permission checker. You also can't easily keep the old version around.
Sadly it seems most ORMs follow this style, and that Django's is the odd one out.
Could you list some specific examples where things broke because of SQLAlchemy's design?
I like my ORMs based on SQL concepts, not OOP concepts.
So you do have to know SQL, but you get more convenient ways of generating it.
I dislike all ORMs, but I especially dislike SQLAlchemy for its hideously bad docs.
These days I hate working with the ORM because it uses weird abstractions that make your life harder as you try to do more complicated stuff with your data. I had a small bug lately where a queryset would aggregate twice because I filtered an aggregated queryset, and this caused it to aggregate again on top of the previous result. I wouldn't have this bug if I was writing my own SQL, or if I used a query builder instead of an ORM. This is just a small example, I have many more annoying things that will cause me to use SQL directly instead of an ORM for my next project.
And this is how we become experienced SWEs.
> use SQL directly instead of an ORM
Me too.
You can also write custom standalone scripts which use the ORM. Django has a concept of "management scripts" which are also kinda like that (but with a bit more scaffolding).
What does that mean? Like you can't use the library's ORM without exposing a webserver?
SQL Server was the only “real” database available to me at work at the time.
Now I think Kotlin is basically a "typed Ruby". And projects like http4k[1] and terpal-sql[2] make webdev't a rather blissful experience.
So now I have to learn an ORM (with some kind of lifecycles, dirty tracking, eager/lazy loading config, etc.)... aaaaand I have to learn SQL as well, because the ORM's abstraction is leaky.
I see some benefits in ORMs for deleting and updating tables. But the benefits are slim and the cost (learning a library that requires understanding of quite a list of additional concepts) are significant. Considering that on-top-of learning the ORM I also need a proper understanding of SQL (for complex t queries or debugging ORM inefficiencies), I'd say it's not worth it.
I think it makes sense for something like Django where a lot of people are doing the same basic stuff a lot. So it works and somewhat justifies learning some special language.
But you can also just not use it.
But at the end of the day, SQL is text. That's life. Sorry - i know it sucks.
I've fallen in love with lightweight frameworks like pypika.
Part of this is the fact that AI smoothes over the rough spots. I would hate to have do an extremely complex query - highly complex case statements with unusualy datatypes - in pypika without AI. But with AI it gets really easy.
More broadly, AI makes using low-level frameworks much more practical. Requests is on the way out, and the socket framework is back.
The Django ORM is still amazing, especially when it comes to speed and handling multiple different types of databases.
But if you want to do something like create soft deletes (including cascading), it get's really hard really fast.
"My goal is to help you see quickly where each database works well and where it has some limits. I also hope this can be useful for anyone who wants to improve Django, or just understand it better."
OK, then I look at the feature matrix and see a lot of obvious errors, then I see:
"The data in the table below is entirely fictional and intentionally provided only for example! I included these features just to show what the final matrix could look like, to help start a discussion in the community. Do not use them for any real analysis or decisions."
OK...so....we'll come back when you've written it? What are we looking at?
Don't know if AI had anything to do with this but what you quoted reminded me of it.