> I get the concept of the ORM, but I don't really plan to switch database anytime soon
not sure if you get the concept of ORM, because switching databases is not what ORMs are primarily designed for, it's more of a common feature / side effect that may get invalidated when you use unsupported dbms features.
> and I have needed for the flexibility of having "no ORM".
or a clojure example http://sqlkorma.com/ you can probably find something similar for python, there are a few lightweight sql generation libs.
> The funniest SQL injection attacks I've seen have been against our search pages. Attackers assume that search is done as dynamic MySQL queries, that fact that you are actually using Sphinx or Solr seems to escape most wanna be hackers.
not sure if you get the concept of ORM, because switching databases is not what ORMs are primarily designed for, it's more of a common feature / side effect that may get invalidated when you use unsupported dbms features.
> and I have needed for the flexibility of having "no ORM".
http://docs.sqlalchemy.org/en/latest/core/index.html
http://docs.sqlalchemy.org/en/rel_0_8/core/tutorial.html
or a clojure example http://sqlkorma.com/ you can probably find something similar for python, there are a few lightweight sql generation libs.
> The funniest SQL injection attacks I've seen have been against our search pages. Attackers assume that search is done as dynamic MySQL queries, that fact that you are actually using Sphinx or Solr seems to escape most wanna be hackers.
bots. they see a form, they submit crap to it.