"Rather than defining tables themselves, you define attributes that can be used on any table, using defattributes like so"
This seems to imply a deep constraint that an attribute name MUST always be validated and handled the same way. A pretty serious limitation, IMO...
Also, if you're using a SQL client that makes "Parameterization of 'BOB' into a variable lack elegance", I'd recommend getting a better SQL client. Placeholders are SQL Interface 101 stuff.
Sorry if the documentation is lacking; you can put anything you want in an attribute. Defattributes is simply a convenience macro that defines validation functions (as well as row getter functions) that you can use if you want, or not.
Generally SQL parameterization interfaces (in mainstream languages) involve syntax like:
execute("SELECT * FROM FOO WHERE BAR = ?bar AND BAZ = ?baz", {'bar': bar, 'baz': baz})
At best you have something cleaner in languages with string interpolation, but the use of string interpolation itself is debatable.
I stand by the claim that those approaches lack elegance, but if it's really "SQL Interface 101" to do it better, please share some examples. I'd be curious to see them.
This seems to imply a deep constraint that an attribute name MUST always be validated and handled the same way. A pretty serious limitation, IMO...
Also, if you're using a SQL client that makes "Parameterization of 'BOB' into a variable lack elegance", I'd recommend getting a better SQL client. Placeholders are SQL Interface 101 stuff.