If you're modeling relational data, it doesn't seem like you can get around using a DB that uses SQL, which to me is the worst: most programmers aren't DB experts and the SQL they output is quite often terrible.
Not to dunk on the Lemmy devs, they do a good job, but they themselves know that their SQL is bad. Luckily there are community members who stepped up and are doing a great job at fixing the numerous performance issues and tuning the DB settings, but not everybody has that kind of support, nor time.
Also, the translation step from binary (program) -> text (SQL) -> binary (server), just feels quite wrong. For HTML and CSS, it's fine, but for SQL, where injection is still in the top 10 security risks, is there something better?
Yes, there are ORMs, but some languages don't have them (Rust has Diesel for example, which still requires you to write SQL) and it would be great to "just" have a DB with a binary protocol that makes it unnecessary to write an ORM.
Does such a thing exist? Is there something better than SQL out there?
No, SQL is great for relational data. There's like decades of research into it. It's the best.
relational databases have years of research into them, not the query language itself.
sql was built so people other than devs can use it, but we got stuck with it.
SQL has been around and evolving since the 70s. It is an ISO/IEC standard and is portable across a multitude of databases.
https://en.m.wikipedia.org/wiki/SQL
portable, my ass. excuse my french.
each system has its own dialect and quirks
That does not mean that SQL, as specified by one of its standard versions, is not portable. It just means that some implementations fail to comply with the standard and/or provide their own extensions.
If an implementation fails to comply with the standard, that's a failure on the side of the implementation, not a failure of SQL.
Could also be that the standard is lacking in some areas. I'm not an SQL expert but I always end up using implementation-specific features even for rather simple tasks. Are there really people out there sticking 100% to standard SQL? Hell, the biggest implementations don't even agree on whether table/column names are case sensitive.
I don't think that explains it.
If we're talking about extensions that cover custom features then obviously those aren't supposed to be standardized because they haven't been widely adopted.
If an implementation is missing a feature then that's a shortcoming of that particular implementation, not SQL's.
If an implementation screws up and has non-compliance quirks, that's a bug in the implementation, not a problem with SQL.
Take SQLite for example. It explicitly does not support static, rigid typing, and claims it's a feature. However, SQL supports static typing and other implementations leverage that for performance and cost gains. Additionally, SQLite also keeps a list with a summary of all the SQL features it purposely does not implement.
SQLite is pretty popular. Does this mean SQL is lacking in any way? Is the SQL standard "lacking" because it supports ALTER TABLE foo ADD CONSTRAINT even though SQLite does not? Or is this a problem caused by an implementation failing to comply with a standard?
sure, ok, but who uses only the subset of standard SQL in a particular engine just to call his queries portable? most of the good stuff is unique to each engine and is what makes the engine stand out.
it's the same with C standards…
Not really. Being designed with UX in mind, so that it sacrifices conciseness for readability, does not make it something for "people other than devs".
Likewise, BASIC was also developed with UX in mind, and no one in their right mind would ever claim that it's not a programming language.
SQL is horrible as a language to read or write. There's a million different variants, because it lacks so many basic things. And when used in other code, you generally end up string concatenating one language in another language, with all the HORRIBLE bugs something like that brings about.
Imagine Backend People said we should just write ad hoc JavaScript for the frontend by concatenating the "correct" code in the backend.
You should use parameterization, not concatenation.