SQL Server knowledge center

everything about SQL Server
See also: Other Geeks@INDC

Pro and Cons between Ad Hoc SQL and Stored Procedure

Pro and Cons between Ad Hoc SQL and Stored Procedure

By : Kasim Wirama, MCDBA

 

Before I give the pro and cons between Ad Hoc SQL and stored procedure, I would like to define what Ad Hoc SQL is. Ad Hoc SQL is SQL statements that is emitted from application into database. They are SELECT, INSERT, UPDATE and DELETE. Ad hoc SQL is generated runtime by application into database. In online and offline discussion, some professionals prefer using ad hoc SQL rather than stored procedure, and the others prefer using stored procedure.

For me, both have advantages and disadvantages, it depends the scenario that directs your architecture. Here are some points I find here.

When you need flexibility with every possible query that comes from application tier into database tier, ad hoc SQL is preferred way to go. Performance might be better in case of you just need necessary columns in SQL statements, not all of them.

When you use ad hoc SQL, you will make your application low cohesion and high coupling. Even small changes will impact to changes to your application tier as well. If you emit some SQL statements as one batch, the complexity will rise, and it will not be easy to maintain. Of course, care should be taken to safeguard the ad hoc SQL from possibility of SQL injection. In case of performance issue in your application, it is harder to do because many possibilities come from ad hoc SQL and you need to change and re-deploy your application.

The good point, when stored procedure is used, is that they provide encapsulation from complex logic. Dynamic SQL can be safely implemented in stored procedure and the problem could be easier to handle because it is localized. You can grant stored procedure only instead of giving user to directly interact with tables in a database. Performance tuning would be easier to do in stored procedure rather in ad hoc SQL.

Do you think there are no cons for using stored procedure? Not really. Stored procedure is more rigid rather that ad hoc SQL so don’t put frequently-changed business logic and rule into stored procedure, better to put them in application tier. You have limited options to make just necessary columns involved dynamically.

Hopefully, it will give you guidance which one is appropriate to implement based on your nature of application.

 

Share this post: | | | |
Posted: Mar 22 2008, 08:48 AM by Kasim.Wirama | with 2 comment(s)
Filed under:

Comments

ariswb said:

halo..

saya sering banget .. hampir 95 % aplikasi yg kami buat selalu menggunakan sp. keuntungannya bila ada perubahan akan mudah mengubahnya dibanding bila harus mengubah di adhoc sql.

ada pertanyaan:

Apa kerugiannya bila kita menggunakan sp dengan lintas db? misal saya punya 3 buah db, db data, db sp, db reporting. semua sp saya taruh di db sp. untuk memasukan data (db data) saya menggunakan dbdata.dbo.namatable.. kira2 cukup beresiko gak menggunakan sp untuk lintas db.

thx

# March 22, 2008 9:26 PM

Kasim Wirama said:

Thanks atas pertanyaannya, saya coba jawab, secara prinsip saya jawab "ya", cukup risky untuk cross database, hal ini berkaitan dengan cross database ownership chain. Hal ini menjadi isu sekuriti di dalam database SQL Server 2000. Namun isu sekuriti ini resolve di SQL Server 2005 dengan penggunaan account impersonation lewat keyword WITH EXECUTE AS OWNER atau SELF di dalam deklarasi stored procedure. Untuk highest security, saya sarankan gunakan certificate di dalam SQL Server 2005. Thanks atas interestnya.

# March 23, 2008 3:56 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 
Are you human?:  


Enter the numbers above: