I am sure that people use the stored procedures for many other reasons, but these were the two main ones we focused on in the discussion. In terms of your two suggestions, I would group the first one in with the second point from my entry in that the server is better able to manage the overall query/process that needs to be done.
The second point you made regarding using stored procedures for avoiding SQL injection is maybe another reason that may be outdated now. Every person I know who has dealt with this problem uses the same approach now in using prepared statements. These offer the protection that you need, and are also optimised (similar to your first point) by storing the compiled statements for reuse and therefore reducing parsing times etc.
So I still think my point stands in regards to using web services rather than a stored procedure api layer. :)
Thanks David! I am sure that
Thanks David!
I am sure that people use the stored procedures for many other reasons, but these were the two main ones we focused on in the discussion. In terms of your two suggestions, I would group the first one in with the second point from my entry in that the server is better able to manage the overall query/process that needs to be done.
The second point you made regarding using stored procedures for avoiding SQL injection is maybe another reason that may be outdated now. Every person I know who has dealt with this problem uses the same approach now in using prepared statements. These offer the protection that you need, and are also optimised (similar to your first point) by storing the compiled statements for reuse and therefore reducing parsing times etc.
So I still think my point stands in regards to using web services rather than a stored procedure api layer. :)