The ARARAT system presented in this
paper offers an elegant method for dealing with
infamous predicaments of string based SQL queries, by coercing the host C++
compiler
to do the necessary checks of the generated strings. A library of templates (and
preprocessor directives)
effectively extends C++ with a little language
representing an augmented relational algebra formalism.
Type checking of this language extension, as done by the template library,
assures, at compile-time,
the correctness of the generated SQL strings. All SQL statements constructed by
the system are
immune to injection attacks.
The system provides also initial support for the task of defining C++ data
structures required for interaction with the
database. An optional pre-processor can be used to define the database scheme to
the C++ program. If the schema is
changed, compilation errors draw the attention of the user to locations in the
code that were effected by this change rather
than runtime errors that are harder to find.