tags:

views:

108

answers:

4

Im wondering about the real advantage of performing dml commands (inserts, updates, deletes) in the database via stored procedures for simple CRUD applications. Whats the beneffit with that appoach over just using some generic procedure in the front-end that generates the dml commands?

Thanks in advance.

+1  A: 

Visual Foxpro? For single record updates, I doubt that there is any performance benefit to SP's. The effort to maintain them certainly trumps any marginal performance gain you might get.

The stored procedures gurus might have thoughts on other benefits besides performance.

Robert Harvey
Ok. But im guessing that marginal performance gain has nothing to do with the fact that this one is a Visual FoxPro app... i mean it would be the same with any other front end application, so why is everyone talking about the 'rule' of creating SPs for each DML command???
Enmanuel
There is no rule, there is only what works best for your application. There are many shops that follow that "rule" and do very well by it. Doesn't mean you have to.
Robert Harvey
You're right...it has nothing to do specifically with FoxPro.
Robert Harvey
+1  A: 

One of the main benefits is control of access. The application only has EXECUTE permission and no direct data access permission. This way the administrator can inspect the procedures and ensure they use proper access paths (ie. indexes). If the application has direct access to the tables, developers will write crappy SQL and bring down the server.

Remus Rusanu
+1  A: 

Performance wise you are unlikely to see any benefit. I think it is more about security of the database.

The advantage of stored procedures in any case is the ability for the DBA to control the security access to the data differently. It often is a preference call by the DBA. Putting the CRUD access to the server in the server means they control 100% access to the server. Your code has to meet their stored proc "API".

If you include the logic in the Visual FoxPro code via a remote view, cursor adapter, or SQL Passthrough SQLExec() it means you have 100% of the code control and the DBA has to grant you access to the database components, or through the application role your code would use for the connection. Your code might be a bit more flexible with respect to building the CRUD SQL statement on the fly. The stored proc is going to have to handle flexible parameters to build the statements generically.

Rick Schummer

Rick Schummer
+1  A: 

For stored procs:

  • Remove SQL injection risks
  • Encapsulation (security, treat them like methods)
  • Allow client code to change (same API to database)
  • Deal with increased complexity (eg insert parent an child in a SQL-side transaction)
  • Easier to manage transactions
gbn
Thanks everyone. I have a better perspective now.
Enmanuel