Some of the benefits that I consider when using stored procedures:
- Stored procedures encapsulate query code at the server, rather than inside your application. This allows you to make changes to queries without having to recompile your application.
- Stored procedures can be used for better-defined application security. You can deny all rights on the base tables and grant execute only on the procs. This gives you a much smaller security footprint to manage.
- Stored procedures are compiled code. With the latest versions of MSSQL the server does a better job of storing execution plans, so this isn't as big of an issue as it used to be, but it is still something to consider.
- Stored procedures eliminate SQL injection risk ONLY when used correctly. Make sure to use the parameters the right way inside the stored proc - stored procs that are just executing concatenated dynamic SQL inside them aren't doing anyone any good.
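
To illustrate the last two points, here is an added T-SQL example (not part of the original post) that puts a procedure concatenating its parameter into dynamic SQL beside parameterized forms, followed by the deny-on-table, grant-execute permission model. The table `dbo.Customers`, the three procedure names and the role `app_role` are hypothetical.

```sql
-- Constructed schema; every object name here is hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NOT NULL);
GO
-- Weak: the parameter is spliced into the statement text, so its value is
-- parsed as SQL. Being a stored procedure gives no protection here.
CREATE PROCEDURE dbo.FindCustomer_Concatenated @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) = N'SELECT CustomerId, Email FROM dbo.Customers'
        + N' WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END;
GO
-- Correct: a static statement; @LastName is only ever bound as a value.
CREATE PROCEDURE dbo.FindCustomer @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, Email FROM dbo.Customers WHERE LastName = @LastName;
END;
GO
-- When the statement shape must vary (optional filters), build only fixed
-- text dynamically and pass the values through sp_executesql parameters.
CREATE PROCEDURE dbo.SearchCustomers
    @LastName NVARCHAR(100) = NULL, @Email NVARCHAR(256) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) = N'SELECT CustomerId, Email FROM dbo.Customers WHERE 1 = 1';
    IF @LastName IS NOT NULL SET @sql += N' AND LastName = @LastName';
    IF @Email IS NOT NULL SET @sql += N' AND Email = @Email';
    EXEC sys.sp_executesql @sql,
        N'@LastName NVARCHAR(100), @Email NVARCHAR(256)',
        @LastName = @LastName, @Email = @Email;
END;
GO
-- Permission model: no direct table rights, EXECUTE on the procedure only.
-- The static procedure reaches the table through ownership chaining; dynamic
-- SQL is checked against the caller's own rights, so under this DENY it
-- would need EXECUTE AS or module signing before being granted to app_role.
CREATE ROLE app_role;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Customers TO app_role;
GRANT EXECUTE ON dbo.FindCustomer TO app_role;
```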