This is a pragmatic piece by Fowler on the rather dry topic of object-relational mappings - in short, the attempt to marry an object-oriented code base with a relational database.
Usually you’d get enough early success to commit deeply to the framework and only after a while did you realize you were in a quagmire - this is where I sympathize greatly with Ted Neward’s famous quote that object-relational mapping is the Vietnam of Computer Science.
What Fowler refers to here is Ted Neward’s article “The Vietnam Of Computer Science”.


I like ORMs because they prevent SQL injection. Mostly. SQL injection is a really bad vuln that’s nowhere near as ubiquitous as it used to be for every PHP app, and that’s partly due to ORMs.
You don’t need ORMs to prevent SQL injection. Prepared statements have existed for decades.
That’s what I thought too: https://programming.dev/comment/22854391
But it seems to be possible to still do them wrong.
It’s a bit sad that SQL injection is still a thing. It’s been a known problem for decades, and developers keep itching to reinvent the vulnerability over and over…
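
The point debated above, as an added example that is not part of the thread or of any commenter's code: a concatenated query beside the same query with a bound parameter, using Python's `sqlite3`. The third pair shows one way a bound query can still go wrong; that case is an assumption here, since the linked comment's content is not shown on this page. Table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Before: the input becomes part of the SQL text, so a quote
    # character in it changes the structure of the statement.
    return db.execute(
        "SELECT secret FROM users WHERE name = '" + name + "'").fetchall()

def lookup_bound(db, name):
    # After: the SQL text is fixed; the input travels separately as a
    # bound value and is only ever compared as data.
    return db.execute(
        "SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

def list_sorted_unsafe(db, prefix, order_col):
    # Still wrong despite the placeholder: placeholders bind values, not
    # identifiers, so the sort column is formatted into the SQL text.
    return db.execute(
        f"SELECT name FROM users WHERE name LIKE ? ORDER BY {order_col}",
        (prefix + "%",)).fetchall()

ALLOWED_ORDER = {"name", "secret"}  # the only identifiers ever formatted in

def list_sorted_safe(db, prefix, order_col):
    # Identifiers are checked against a fixed allowlist before use.
    if order_col not in ALLOWED_ORDER:
        raise ValueError("unexpected sort column")
    return db.execute(
        f"SELECT name FROM users WHERE name LIKE ? ORDER BY {order_col}",
        (prefix + "%",)).fetchall()
```

The same split applies to an ORM: its query builder binds values, while any raw-SQL escape hatch fed with formatted strings behaves like `lookup_concat`.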