Which is better: Ad hoc queries or stored procedures? [closed]

Answer 1

Stored procedure work as block of code so in place of adhoc query it work fast. Another thing is stored procedure give recompile option which the best part of SQL you just use this for stored procedures nothing like this in adhoc query.

Some result in query and stored procedure are different that's my personal exp. Use cast and covert function for check this.

Must use stored procedure for big projects to improve the performance.

I had 420 procedures in my project and it's work fine for me. I work for last 3 years on this project.

So use only procedures for any transaction.

Answer 2

The sproc performance argument is moot - the 3 top RDBMs use query plan caching and have been for awhile. Its been documented... Or is 1995 still?

However, embedding SQL in your app is a terrible design too - code maintenance seems to be a missing concept for many.

If an application can start from scratch with an ORM (greenfield applications are far and few between!) its a great choice as your class model drives your DB model - and saves LOTS of time.

If an ORM framework is not available we have taken a hybrid of approach of creating an SQL resource XML file to look up SQL strings as we need them (they are then cached by the resource framework). If the SQL needs any minor manipulation its done in code - if major SQL string manipulation is needed we rethink the approach.

This hybrid approach lends to easy management by the developers (maybe we are the minority as my team is bright enough to read a query plan) and deployment is a simple checkout from SVN. Also, it makes switching RDBMs easier - just swap out the SQL resource file (not as easy as an ORM tool of course, but connecting to legacy systems or non-supported database this works)

Answer 3

Procs for the reasons mentioned by others and also it is easier to tune a proc with profiler or parts of a proc. This way you don't have to tell someone to run his app to find out what is being sent to SQL server

If you do use ad-hoc queries make sure that they are parameterized

Answer 4

Stored procedures represent a software contract that encapsulates the actions taken against the database. The code in the procedures, and even the schema of the database itself can be changed without affecting compiled, deployed code, just so the inputs and outputs of the procedure remain the same.

By embedding queries in your application, you are tightly coupling yourself to your data model.

For the same reason, it is also not good practice to simply create stored procedures that are just CRUD queries against every table in your database, since this is still tight coupling. The procedures should instead be bulky, coarse grained operations.

From a security perspective, it is good practice to disallow db_datareader and db_datawriter from your application and only allow access to stored procedures.