This advice always struck me as funny, because an ORM will select every column in a table too, even ones you aren't going to use. So the corollary to this is: never use an ORM.
One would catch a lot of debate (never use an ORM), the other mostly doesn't (never use select *). Maybe most people that use an ORM don't connect these dots though.
IMHO if you are using a scripted language, I find it easier to NOT use an ORM/ODM layer.
function lookupFoo(baz) {
const sql = await db.init();
const result = await sql.query`
SELECT x, y, z
FROM foo
WHERE bar = ${baz}
`;
return result.records.map(mapResultsToFoo)[0];
}
I really hope that sql.query does proper escaping, because otherwise, you're going to have a jolly time, when Bobby Drop Tables signs up for your service.
One would catch a lot of debate (never use an ORM), the other mostly doesn't (never use select *). Maybe most people that use an ORM don't connect these dots though.