SQL says that stored procedures are
nothing but they are a group of one or more Transact-SQL statements compiled
into a single execution plan which are stored in the database data dictionary.
In more easy words, we can say that stored procedures are used to bind SQL queries
together in a transaction and interface with the outside world. They are very
important feature of SQL because they are very helpful in controlling access to
data, preserving data integrity and improving productivity.
Furthermore,
stored procedures can have consolidate and centralize data logic that was originally
implemented in applications. Extensive or complex processing that requires
execution of several SQL statements is moved into stored procedures and all
applications call the procedures. One can use nested stored procedures by
executing one stored procedure from within another.
In
Microsoft SQL Server, stored procedures return data in four ways:
- Output parameters, which can return either data (such as an integer or character value) or a cursor variable (cursors are result sets that can be retrieved one row at a time).
- Return codes, which are always an integer value.
- A result set for each SELECT statement contained in the stored procedure or any other stored procedures called by the stored procedure.
- A global cursor that can be referenced outside of that stored procedure.
A
stored procedure can accept parameters that are passed to it and perform the
defined business operations and logic. We can write a stored procedure once and then call it
again and again from different parts of an application or even more than one or
more application. Stored procedures can also improve performance. Many tasks
are implemented as a series of SQL statements. Conditional logic applied to the
results of the first SQL statements determines which subsequent SQL statements
are executed.
Stored
procedures can also shield users from needing to know the details of the tables
in the database because a set of stored procedures supports all of the business
functions users need to perform, users never need to access the tables
directly; they can just execute the stored procedures that model the business
processes with which they are familiar.
Benefits of Stored Procedures
By using SP, it also give us a guarantee what execution plan is used for the query. It will not be affected by any programming language or driver. That's why sometimes a piece of query runs well in the db SQL management tool but runs poorly in the application. In addition, SPs reduce the db calls but not increase.
There are lot of benefits of SQL stored procedures in term of modular programming, faster execution, reduce network traffic and security mechanism such as mentioned below:
There are lot of benefits of SQL stored procedures in term of modular programming, faster execution, reduce network traffic and security mechanism such as mentioned below:
Modular Programming
|
They
are created once in the database and call it any number of times by the
programs. They can be easily modified independently of the program source
code and there will no need in the business application.
|
Faster Execution
|
They
are parsed and optimized when they are first executed, and a compiled version
of the stored procedure remains in memory cache for later use. This means the
stored procedure does not need to be reparsed and re-optimized with each use
resulting in much faster execution times.
|
Reduce Network Traffic
|
Stored
procedures can have many individual SQL queries but can be executed with a
single statement. This allows us to reduce the number and size of calls from
the client to server.
|
Security Mechanism
|
Users
can be granted permission to execute a stored procedure even if they do not
have permission to execute the procedure's statements directly.
|
protection from SQL injection attacks
|
Stored
procedures can be used to protect against injection attacks. Stored procedure
parameters will be treated as data even if an attacker inserts SQL commands.
Also, some DBMSs will check the parameter's type. A stored procedure that in
turn generates dynamic SQL using the input is however still vulnerable to SQL
injections unless proper precautions are taken.
|
Disadvantage of using Stored Procedures
There
are some disadvantages of stored procedures which are given below:
- Debugging large stored procedures can be very difficult in case of any failure.
- Stored procedure languages are quite often vendor-specific. Switching to another vendor's database most likely requires rewriting any existing stored procedures.
- Stored procedure languages from different vendors have different levels of sophistication.
- Tool support for writing and debugging stored procedures is often not as good as for other programming languages, but this differs between vendors and languages.
- Changes to stored procedures are more difficult to keep track of within a version control system than other code.
- Changes must be reproduced as scripts to be stored in the project history to be included, and differences in procedures can be more difficult to merge and track correctly.
- Stored procedures can grow into an unmaintainable mess if not written carefully. While this is true of any language, it's especially true of SQL server stored procedures.
A SQL Server stored procedure is created with the Transact-SQL CREATE PROCEDURE statement and can be modified with the ALTER PROCEDURE statement. The stored procedure definition contains two primary components: the specification of the procedure name and its parameters, and the body of the procedure, which contains Transact-SQL statements that perform the procedure's operations.
Working with Stored Procedures
As we
know that they are nothing more than stored SQL code that we would like to use
over and over again. To understand the functionality of stored procedures, we
can easily differentiate it in the following steps-
- Create Stored Procedure
- Execute Stored Procedure
- Modify or Alter Stored Procedure
- Delete Stored Procedure
Where can we use Stored Procedures?
Database usually is the biggest investment in the solution. You will probably be ending up using something that is specific to your database if you want to get the best performance from it, which means running your system at a lower (machine) cost and faster-- If you have a good balance of which parts of your business logic goes inside your SPs, you will be in a good place.
- If you want to make your system fast and reliable, try to use as much db features as possible. Coding in a database independent way is totally waste until the day you want to change database.
- If you want to utilise extensively your db features in your application, as a result there will be lot of unnecessary DB calls which itself will result in other issues e.g db sessions, connection leakages and so on.
Conclusion
We
can say that stored procedures are like small programs in SQL Server. They can
be simple as a select statement or as more complex based on our needs as a long
script (DML statements) that adds, deletes, updates and/or reads data from
multiple tables in a database. We can use transactions within them. They can be
easily scheduled to run at the specific time through SQL Server Agent. Stored
procedure takes both input and output parameters based on the requirement.
Learn more on another feature of SQL as:
References
https://technet.microsoft.com/en-us/library/aa174792(v=sql.80).aspx
No comments:
Post a Comment