What you are describing as "Inline SQL" should really be called "string concatenation without parameterization," and you don't have to do that to use a Micro ORM safely.
Consider this Dapper example:
string sql = "SELECT * from user_profile WHERE FirstName LIKE @name;";
var result = connection.Query<Profile>(sql, new {name = "%"+name+"%"});
It's fully parameterized, even though string concatenation is taking place. See the @ sign?
Or this example:
var dog = connection.Query<Dog>("select Age = @Age, Id = @Id",
new { Age = (int?)null, Id = guid });
which is roughly equivalent to the following ADO.NET code:
List<Dog> dog = new List<Dog>();
using(var cmd = connection.CreateCommand()) {
cmd.CommandText = "select Age = @Age, Id = @Id";
cmd.Parameters.AddWithValue("Age", DBNull.Value);
cmd.Parameters.AddWithValue("Id", guid);
using(var reader = cmd.ExecuteReader()) {
while(reader.Read()) {
int age = reader.ReadInt32("Age");
int id = reader.ReadInt32("Id");
dog.Add(new Dog { Age = age, Id = id });
}
}
}
If you need more flexibility than this, Dapper provides SQL Templates and an AddDynamicParms()
function. All SQL Injection safe.
So why use SQL strings in the first place?
Well, for the same reasons you would use custom SQL in any other ORM. Maybe the ORM is code-generating sub-optimal SQL, and you need to optimize it. Maybe you want to do something that is difficult to do in the ORM natively, like UNIONs. Or, maybe you simply want to avoid the complexity of generating all those proxy classes.
If you really don't want to write a SQL string for every CRUD method in Dapper (who does?), you can use this library:
https://github.com/ericdc1/Dapper.SimpleCRUD/
That will get you extremely simple and straightforward CRUD, while still giving you the flexibility of hand-written SQL statements. Remember, the ADO.NET example above was the way everyone did it before ORM's came along; Dapper is just a thin veneer over that.
As far as I can tell, the question is why wrapping String constants into enum hasn't been considered sufficient to cover the needs of language users. This has been addressed in the official feature proposal announced at JDK 7 (project Coin) mailing list.
Per my reading of the proposal, alternative of using enums has been dismissed on the ground that it introduces types bloat. For your convenience, relevant part of the proposal is quoted below, with the statement addressing enums quoted in bold:
MAJOR ADVANTAGE: What makes the proposal a favorable change?
More regular coding patterns can be used for operations selected on the
basis of a set of constant string values; the meaning of the new
construct should be obvious to Java developers.
MAJOR BENEFIT: Why is the platform better if the proposal is adopted?
Potentially better performance for string-based dispatch code.
MAJOR DISADVANTAGE: There is always a cost.
Some increased implementation and testing complexity for the compiler.
ALTERNATIVES: Can the benefits and advantages be had some way without a
language change?
No; chained if-then-else tests for string equality are potentially
expensive and introducing an enum for its switchable constants, one per
string value of interest, would add another type to a program without
good cause...
Best Answer
SELECT * FROM...
, God kills a kitten. And you hate kittens.