tags:

views:

74

answers:

5
+2  Q: 

Use of StoredProcs in an application

hi. we're in the process of designing an enterprise application & our technical architects suggest that "lets have no sql queries in the code. even if its a simple select call to the database a stored procedure should be written for it in the database & the code should call it."

my issue with this is that it seems like a dumb idea to have only stored procedures & no queries what so ever in the whole code! our guys are convinced on this idea but i have my doubts about it... what do you guys have to say?

if its a good idea, i'd love it if someone could tell me reasons supporting it.

and if its a bad idea, please tell me what argument can present to them to convince them otherwise.

appreciate your help.

thx -ksm

+6  A: 

Here's open reason in favour of stored procedures: Why use Stored Procedures?

I'll also add: coded correctly, a stored procedure can be treated like a method: it has return type (dataset(s)), parameters etc

Saying that, I would be inclined nowadays:

  • to force writes via stored procedures
  • allow queries onto tables directly via Linq or such
  • ensure I use stored procedures for complex aggregates

There is no "yes" or "no" answer

gbn  2010-10-28 06:48:20
Well there is a "No"-Answer to the option of spreading the sql statements all over the code.
Yves M.  2010-10-28 06:55:11
gbn - your three bullet points resonate with me...that is the approach I try to adopt...
Remnant  2010-10-28 06:58:17
ksm  2010-10-28 07:04:00
its a great article btw... thx for that.
ksm  2010-10-28 07:06:38
@Yves M.: I would assume a proper DAL with separation and LINQ all in one place. If you need SQL in code then it should be in a stored proc. A stored proc *can* be part of your middleware...
gbn  2010-10-28 07:44:31
I'd personally go with "only stored procs" too actually - when you allow simple queries within the code the step to update one simple field from code is soo small you'd be inclined to keep that as quick solution. Besides that; maintaining SQL code from SQL server really helps to maintain your code better.
riffnl  2010-10-28 07:49:22
+1  A: 

Avoiding SQL queries in code is good practice. Hoever, modern best practice for avoiding inline SQL does not involve writing stored procedures, but rather to using Object-Relational Mapping technology. This reduces the amount of code and importantly ensures that logic doesn't enter the data tier.

Alex  2010-10-28 06:49:19
ksm  2010-10-28 06:59:34
+1  A: 

There's no right answer to this. Stored procedures will make you code look a little cleaner, they may even run faster on some SQL servers but they for sure are much harder to maintain, change and migrate (especially when you need to switch to another SQL vendor for any reason).

Vladimir Volodin  2010-10-28 06:50:52
I wouldn't agree to the "are much harder to maintain"...
Yves M.  2010-10-28 06:53:44
Yves, could you pls detail your point?
ksm  2010-10-28 07:05:31
I may have over exaggerated a bit but as a developer I really shouldn't care about which sql vendor I'm using. I also don't really look into changing things on sql server when I need to change my query. I'm also not fond about putting any business logic into DB layer (queries more complex that CRUD operations WILL contain business logic).
Vladimir Volodin  2010-10-28 07:25:32
+4  A: 

My opinion on having ALL queries executed via stored procedures

Point 1:

It was REALLY useful in the days when having a DAL layer was not very common because doing it via SP's provided the same confidence that your DB changes would never impact any over lying layers other than 1.

Nowadays, with DAL layers being the norm, you get the same separation using a DAL and i do not really see too much additional value to having SP's in this regard. (Having a DAL layer assumes that your SQL queries are only in your DAL and nowhere else)

Point 2 :

Also, in older databases (atleast SQL Server 7 and maybe even 2000), there was a performance benefit due to caching of SP execution plans where as executing direct SQL would be slower due to this.

Nowdays, most databases cache ad-hoc queries also and this benefit too is no longer a criteria.

Point 3 :

Also, in older systems, a lot of business logic used to be embedded in the database. Having business logic embedded in the database meant writing LONG and complicated procedures. So, since procedures were anyways present, it became useful to make it consistent by saying "lets make everything a procedure"

Nowdays, most applications refrain from putting business logic anywhere in the database. So it is very likely that other than SELECTS, the CRUD statements will usually be very simple and straightforward in most object oriented systems.

Summary : I personally think that forcing a SP for every query is old fashioned. There is no harm to doing it. But i am really hard pressed to think of any real benefit to doing it provided you have a DAL / Business layer and a DB engine good enough to cache your query plans for your queries

InSane  2010-10-28 07:19:59
+1. I think you have correctly summarized the mind-change. IMHO complicated SQL => too much business logic in the database.
Noel Abrahams  2010-10-28 07:38:42
Simple CRUD is for mickey mouse systems: most real world systems are far more complex eg require transactions for multiple table writes
gbn  2010-10-28 07:43:18
@gbn - Agreed. And that can very well be controlled at the class level. Doesnt have to complicate the CRUD logic necessarily.
InSane  2010-10-28 07:49:46
A: 

Stored procedures may seem like overkill in some instances but they are not.

Let's say you are trying to figure out if a stored procedure query will return the results you want. You can set default values for your input parameters and run the query directly from query analyzer and you do not have to use the application.

If you want to tweek a stored procedure query without interfering with the application. You can simply make a copy of the stored procedure and tweak and test the copy over and over until it's correct.

This assumes your stored procedure is only querying the data and not modifying the data.

Once you start using stored procedures, and get comfortable with them you will say to yourself, "Wow, I wish I had been using these a long time ago."

Stored procedures also help you prevent SQL Injection in web based applications. If your application is web based then do some reading on how to prevent SQL Injection.

Cape Cod Gunny  2010-10-31 01:35:50

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?