javascript, orm, sequelize.js, backend, typeorm

How do ORMs such as TypeORM or Sequelize really work?


I would like to better understand how ORMs work behind the curtains, how they are able to transform commands and functions into queries for relational and non-relational databases, and why that is safer than just querying directly from a database connection in the backend.

I tried searching about it but only found documentation and ways of using the ORM itself rather than what it really does when you use it.


Solution

  • In general, TypeORM uses something called decorators (read more about decorators at https://www.typescriptlang.org/docs/handbook/decorators.html ). Basically, a decorator is nothing but a function that can access information about the variable it annotates.
    E.g.: @Entity(), @PrimaryGeneratedColumn() and @Column() are decorator functions provided by the TypeORM library.

    So, with the help of these decorator functions, TypeORM can generate optimised and secure code for interacting with your database.

    SQL injection is a very famous type of attack on servers using SQL databases, hence it is essential to have security when writing SQL queries. You would need to sanitise the data manually, which TypeORM takes care of internally. (Ref: https://dev.to/yoshi_yoshi/typeorm-prevent-sql-injection-with-node-js-react-typescript-in-2021-1go4 )
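
The two mechanisms discussed above (decorators recording metadata, and values kept out of the SQL text) can be shown in a small sketch. This is an added example, not part of the original answer and not TypeORM's own code: `metadata`, `meta`, `buildFind` and `naiveFind` are hypothetical names, the decorators are called by hand instead of with `@` syntax, and PostgreSQL-style `$1` placeholders are assumed.

```javascript
// Simplified sketch of an ORM's two jobs: record metadata, then emit parameterized SQL.
// Hypothetical names throughout; this is not how TypeORM is implemented internally.
const metadata = new Map(); // entity class -> { table, columns }

const meta = (cls) => {
  if (!metadata.has(cls)) metadata.set(cls, { table: null, columns: [] });
  return metadata.get(cls);
};

// Decorator factories: each returns a function that records what it annotates.
const Entity = (table) => (cls) => { meta(cls).table = table; };
const Column = () => (proto, key) => { meta(proto.constructor).columns.push(key); };

class User {}
// Applied by hand so the block runs as plain JavaScript.
Column()(User.prototype, 'id');
Column()(User.prototype, 'name');
Entity('users')(User);

// Query builder: identifiers come only from recorded metadata, values go into params.
function buildFind(cls, where) {
  const { table, columns } = meta(cls);
  const params = [];
  const conds = Object.entries(where).map(([col, value]) => {
    if (!columns.includes(col)) throw new Error(`unknown column: ${col}`);
    params.push(value); // value travels beside the SQL, never inside it
    return `"${col}" = $${params.length}`; // assumed PostgreSQL-style placeholder
  });
  const cols = columns.map((c) => `"${c}"`).join(', ');
  const tail = conds.length ? ` WHERE ${conds.join(' AND ')}` : '';
  return { sql: `SELECT ${cols} FROM "${table}"${tail}`, params };
}

// Hand-written equivalent: the value becomes part of the SQL text itself.
function naiveFind(name) {
  return `SELECT "id", "name" FROM "users" WHERE "name" = '${name}'`;
}

const input = "O'Brien"; // constructed sample value containing a quote character
console.log(buildFind(User, { name: input })); // SQL text is the same for any value
console.log(naiveFind(input)); // the quote in the data changes the statement
```

With the builder, the statement text is fixed by the entity metadata and the driver receives the value separately; in the concatenated version the apostrophe in the data alters the statement's quoting.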