Currently, I only use stored procedures. Is this considered good practice or bad? I find it helpful to separate my SQL code from my PHP code, and I also remember hearing in a PHP course I took a few semesters back that stored procedures are more secure.

+4  A: 

In the past, stored procedures and prepared statements were always faster than dynamic SQL strings sent to a database. These days, although that might still be the case sometimes, the differences are minor, if not negligible, so the major benefits of a stored procedure are safety from SQL injection attacks, and also as a layer of abstraction between the application code and the database (allowing you to use the same queries easily across different DB APIs or even different languages). So in general I'd still prefer stored procedures where possible.

Kylotan
OMG Ponies
Awesome, I currently have a function that allows me to build a CALL statement for stored procedures. The function takes in the name of a procedure as well as an array filled with the data being processed and then it does the magic. It's very simple and helpful, I'm glad I don't have to get rid of it!
Cody.Stewart
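A CALL builder of the kind described in the comment above keeps the injection safety mentioned in the answer only when the values are bound as parameters and the procedure name is not taken from user input. The sketch below is an added example, not the commenter's function; it assumes PDO, and the procedure names, the allow-list and the sample e-mail value are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: procedure name => number of arguments it expects.
const ALLOWED_PROCEDURES = [
    'get_user_by_email' => 1,
    'add_order'         => 3,
];

/**
 * Build a CALL statement with one "?" placeholder per argument.
 * Identifiers cannot be bound, so the name is checked against the allow-list.
 */
function build_call(string $procedure, array $args): array
{
    if (!array_key_exists($procedure, ALLOWED_PROCEDURES)) {
        throw new InvalidArgumentException("Unknown procedure: $procedure");
    }
    if (count($args) !== ALLOWED_PROCEDURES[$procedure]) {
        throw new InvalidArgumentException("Wrong argument count for $procedure");
    }
    $placeholders = implode(', ', array_fill(0, count($args), '?'));
    return ["CALL `$procedure`($placeholders)", array_values($args)];
}

/** Prepare and execute the call; values travel separately from the SQL text. */
function call_procedure(PDO $pdo, string $procedure, array $args): array
{
    [$sql, $params] = build_call($procedure, $args);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    // Procedures that return no result set have zero columns.
    $rows = $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
    $stmt->closeCursor(); // free pending result sets before the next query
    return $rows;
}

// Constructed input: the quote stays in the bound value, never in the SQL text.
[$sql, $params] = build_call('get_user_by_email', ["o'brien@example.com"]);
echo $sql, PHP_EOL;
echo json_encode($params), PHP_EOL;
```

The same holds inside the procedure body: a procedure that concatenates its arguments into dynamic SQL is injectable no matter how it is called.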