Why (and when to) use stored procedures?

views:

answers:

+2 Q:

Why (and when to) use stored procedures?

Possible Duplicate:
What are the pros and cons to keeping SQL in Stored Procs versus Code

What would be appropriate scenario when stored procedures should be used?

I stumbled upon implementation where almost whole data manipulation was handled by store procedures, even simplest form of INSERT/DELETE statements were wrapped and used via SP's.

So, what's the rationale for using stored procedures in general?

Sorry for such a beginners question..

+2 A:

Two reasons I know of:

Security

The stored procedures are secure from attacks such as SQL injection attacks

Speed

Stored procedures are sometimes precompiled which makes execution faster.

Tom Gullen 2010-06-16 23:01:27

+1 A:

for me it is the same question as whether or not to create a function/method while programming.

For example if the functionality is needed to be repeated in many places, or is going to be called more than once then it should be in a function.

Jacob 2010-06-16 23:02:04

If a sql is called in many places, you can reuse your code without creating clunky hard to maintain stored procedures ;)

bwawok 2010-06-16 23:03:36

I don't mean from the scenario of using code to call stored procedures. In which case yes you could just wrap the same SQL call in a method. I was trying to liken using SQL to coding, which is James has articulated better than I did -> "good reason to use Stored Procedures is code re-use. If you find yourself writing the same SQL all over the place its usually a sign that it should be a stored procedure." Not necessarily from within a program, but general DB maintenance and from multiple programs/utilities, etc.

Jacob 2010-06-16 23:40:10

+1 A:

It allows you to keep data access near the data. I have worked in systems where all data access was stored procs with server side wrapper functions. It was pretty clean ( but not as 'cool' as an ORM )

BioBuckyBall 2010-06-16 23:03:47

+2 A:

Outwith the reasons @Tom has already pointed out which are probably the most important (Speed/Security) I would also say that another good reason to use Stored Procedures is code re-use. If you find yourself writing the same SQL all over the place its usually a sign that it should be a stored procedure. Also, another good reason is it allows not only developers, but DBA's the ability to change/add new procedures if required.

James 2010-06-16 23:04:31

+1 For the Mention of DBA's. I'll often cobble together the first draft of a complex stored proc and the DBA will then fine tune it if extra performance is needed.

Jon P 2010-06-16 23:10:07

I find this answer most complete and to the point. Thanks everyone.

mr.b 2010-06-16 23:27:50

+1 A:

When other systems need to access your data and you need to provide an API at the database - Procs would be a way to allow you control over what/how they access it.

I am answering from an enterprise perspective.

Brian Schmitt 2010-06-16 23:06:37

Good point. Although I believe adding layer between data and other systems is the best approach in most scenarios, I am aware that it sometimes just might not be doable due to defined goals.

mr.b 2010-06-16 23:30:14

two types of designs,

Put all/most of business logic on DB server
Put all/most of Business logic on application server.

In #1, you use Stored procedure to implement your application logic instead of the programming language. In #2, you use the programming language to implement the logic, and it is easier to debug and allow code reuse and all other features that any programming language provides.

If you are a DB guru (and your app is mid to small), choose the first approach, otherwise choose second approach.

BTW, you will find .NET app uses the first approach, and Java app followed the second.

Mohammed 2010-06-16 23:09:01

ansaurus

tags:

views:

answers:

Why (and when to) use stored procedures?

related questions