Explain Codes LogoExplain Codes Logo

When should I use stored procedures?

sql
database-security
performance-optimization
best-practices
Anton ShumikhinbyAnton Shumikhin·Nov 17, 2024
TLDR

Stored procedures are ideal for complex transactions where a chunk of SQL statements must run collectively or when a specific operation is often repeated and thus needs efficient, precompiled execution. Here's an example of a customer credit update stored procedure:

CREATE PROCEDURE UpdateCustomerCredit 
@CustomerID int, 
@CreditChange float
AS
UPDATE Customers
    --increasing the customer's credit, hopefully not by a typo!
SET Credit = Credit + @CreditChange
WHERE CustomerID = @CustomerID;

To execute, all it takes is one line:

EXEC UpdateCustomerCredit 123, 150.00;
-- congrats, you just gave the customer a nice monetary surprise!

This efficient approach not only encapsulates the database operation but also improves execution speed, and preserves data integrity due to its reusable logic.

Centralization: Keeping your ducks in a row

Stored procedures allow you to centralize your application logic, making it easier to maintain. By consolidating your business logic into stored procedures, you ensure that changes are propagated throughout the business, thereby reducing inconsistencies.

Security: Your data's personal bodyguard

When it comes to protecting your data, stored procedures offer a robust defence mechanism. By denying direct table access and limiting interactions via stored procedures, you're fortifying your database against unauthorized access.

Performance: The need for speed

Sure, they may not win every race, but stored procedures can offer substantial performance gains, particularly for batch-processing large data sets or running tortuous queries that would require several rounds of communication between your application and database server.

Business Needs: The guiding compass

In the world of stored procedures, the business, customers, and users' needs are the guiding lights. Rather than locking horns over stored procedures because of technical predilections, the focus should be to understand the task's specific requirements and select a solution accordingly.

Reducing Complexity: K.I.S.S (Keep It Simple, Stupid)

Avoid entangling your application by over-complicating logic distribution between stored procedures and application code. When the division of logic becomes convoluted, debugging is no less than a horror film, and maintaining becomes a herculean task.

Architecture: Design with intent

Consider stored procedure use within a broader application architecture that leverages the strengths of stored procedures in tandem with application code where appropriate. Doing so may help deter unauthorized access and enhance overall security and processing efficiency.

explain-codes / Sql / When should I use stored procedures?
Linked

Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?

Execute STORED PROCEDURE FROM A FUNCTION

How to check if a stored procedure exists before creating it

Passing List<> to SQL Stored Procedure

Create parameterized VIEW in SQL Server 2008

Can parameterized statement stop all SQL injection?

How do I loop through a set of records in SQL Server?

Centralization: Keeping your ducks in a rowSecurity: Your data's personal bodyguardPerformance: The need for speedBusiness Needs: The guiding compassReducing Complexity: K.I.S.S (Keep It Simple, Stupid)Architecture: Design with intent
Linked

Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?

Execute STORED PROCEDURE FROM A FUNCTION

How to check if a stored procedure exists before creating it

Passing List<> to SQL Stored Procedure

Create parameterized VIEW in SQL Server 2008

Can parameterized statement stop all SQL injection?

How do I loop through a set of records in SQL Server?