Stored procedure: A collection of precompiled T-SQL statements and flow control statements stored with a name
written by a database developer or database administrator
to perform administrative tasks or apply complex business rules
Advantages: Faster execution
on first run, Perform optimization and compilation to get the execution plan and store the plan in the system table, and run it directly later.
Realize that multiple programs share application logic
Component-based programming
can shield the structure of the database, achieve higher security and
reduce network traffic
Stored procedure vs SQL statement
Advantage:
1. Improve performance
SQL statements are analyzed and compiled when the process is created. Stored procedures are precompiled. When a stored procedure is run for the first time, the query optimizer analyzes and optimizes it, and gives a stored plan that is finally stored in the system table, so that this overhead can be saved when executing the procedure.
2. Reduce the network overhead
The stored procedure name and necessary parameter information need only be provided when the stored procedure is called, thereby reducing the network traffic.
3. It is convenient for code porting.
Database professionals can modify the stored procedure at any time, but it has no effect on the application source code, thus greatly improving the portability of the program.
4. Stronger security
1) The system administrator can restrict the permissions of a stored procedure to be executed to prevent unauthorized users from accessing data
2) When calling a procedure through the network, only the call to the execution procedure is visible . Therefore, malicious users cannot see table and database object names, embed their own Transact-SQL statements, or search for critical data.
3) Using procedure parameters helps to avoid SQL injection attacks. Because parameter input is treated as a literal value rather than executable code, it is more difficult for an attacker to insert commands into Transact-SQL statements within a procedure and compromise security.
4) The process can be encrypted, which helps to obfuscate the source code.
Disadvantage:
1. Stored procedures require specialized database developers to maintain, but the actual situation is that program developers are often part-timers
2. Design logic changes, modifying stored procedures is not as flexible as SQL
Why are stored procedures relatively rarely used in practical applications?
In the usual project development, relatively few stored procedures are used. Why?
The reasons for the analysis are as follows:
1) There is no specific database developer, and ordinary programmers perform database operations part-time.
2) Programmers often only need to operate the program to complete data access, and there is no need to develop on the database.
3) Project requirements change frequently , it is more convenient to modify the SQL statement, especially involving logical changes
How to choose between stored procedure and SQL statement?
Based on practical experience, the following suggestions are given:
1. In some projects with high efficiency or high normative requirements, it is recommended to use stored procedures
. 2. For general projects, it is recommended to use parameterized commands, which are a compromise between stored procedures and SQL statements.
3. Comparison of some algorithm requirements High, involving multiple pieces of data logic, it is recommended to use stored procedures