Sorry if the documentation is lacking; you can put anything you want in an attribute. Defattributes is simply a convenience macro that defines validation functions (as well as row getter functions) that you can use if you want, or not.
Generally SQL parameterization interfaces (in mainstream languages) involve syntax like:
execute("SELECT * FROM FOO WHERE BAR = ?bar AND BAZ = ?baz", {'bar': bar, 'baz': baz})
At best you have something cleaner in languages with string interpolation, but the use of string interpolation itself is debatable.
I stand by the claim that those approaches lack elegance, but if it's really "SQL Interface 101" to do it better, please share some examples. I'd be curious to see them.
Generally SQL parameterization interfaces (in mainstream languages) involve syntax like:
At best you have something cleaner in languages with string interpolation, but the use of string interpolation itself is debatable. I stand by the claim that those approaches lack elegance, but if it's really "SQL Interface 101" to do it better, please share some examples. I'd be curious to see them.