Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Stored procedure
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Comparison with static SQL== ;Overhead: Because stored procedure statements are stored directly in the database, they ''may'' remove all or part of the compiling overhead that is typically needed when software applications send inline (dynamic) SQL queries to a database. (However, most database systems implement ''statement [[Cache (computing)|caches]]'' and other methods to avoid repetitively compiling dynamic SQL statements.) Also, while they avoid some pre-compiled SQL, statements add to the complexity of creating an optimal execution plan because not all arguments of the SQL statement are supplied at compile time. Depending on the specific database implementation and configuration, mixed performance results will be seen from stored procedures versus generic queries or user defined functions. ;Avoiding network traffic: A major advantage of stored procedures is that they can run directly within the [[database engine]]. In a production system, this typically means that the procedures run entirely on a specialized database server with direct access to the data. The benefit is that it saves network costs, which stands out when a series of SQL statements are involved. ;Encapsulating business logic: Stored procedures allow programmers to embed [[business logic]] as an API in the database, which can simplify data management and reduce the need to encode the logic elsewhere in client programs. This can result in a lesser likelihood of data corruption by faulty client programs. The database system can ensure [[data integrity]] and [[Data consistency|consistency]] with the help of stored procedures. ;Delegating access-rights: In many systems, stored procedures can be granted access rights to the database that users who execute those procedures do not directly have. ;Some protection from SQL injection attacks: Stored procedures can be used to protect against injection attacks. Stored procedure parameters will be treated as data even if an attacker inserts SQL commands. Also, some DBMS will check the parameter's type. However, a stored procedure that in turn generates dynamic SQL using the input is still vulnerable to SQL injections unless proper precautions are taken.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)