Stored procedure
From Wikipedia, the free encyclopedia
A stored procedure is a subroutine available to applications accessing a relational database system. Stored procedures (sometimes called a proc, sproc, StoPro, or SP) are actually stored in the database data dictionary.
Typical uses for stored procedures include data validation (integrated into the database) or access control mechanisms. Furthermore, stored procedures are used to consolidate and centralize logic that was originally implemented in applications. Large or complex processing that might require the execution of several SQL statements is moved into stored procedures and all applications call the procedures only.
Stored procedures are similar to user-defined functions (UDFs). The major difference is that UDFs can be used like any other expression within SQL statements, whereas stored procedures must be invoked using the CALL
statement[citation needed]
CALL procedure(…)
or
EXECUTE procedure(…)
Stored procedures can return result sets, i.e. the results of a SELECT
statement. Such result sets can be processed using cursors by other stored procedures by associating a result set locator, or by applications. Stored procedures may also contain declared variables for processing data and cursors that allow it to loop through multiple rows in a table. The standard Structured Query Language provides IF
, WHILE
, LOOP
, REPEAT
, CASE
statements, and more. Stored procedures can receive variables, return results or modify variables and return them, depending on how and where the variable is declared.
Contents |
[edit] Implementation
The exact and correct implementation of stored procedure varies from one database system to another. Most major database vendors support them in some form. Depending on the database system, stored procedures can be implemented in a variety of programming languages, for example SQL, Java, C, or C++. Stored procedures written in non-SQL programming languages may or may not execute SQL statements themselves.
The increasing adoption of stored procedures led to the introduction of procedural elements to the SQL language in the SQL:1999 and SQL:2003 standards in the part SQL/PSM. That made SQL an imperative programming language. Most database systems offer proprietary and vendor-specific extensions, exceeding SQL/PSM. For example, Microsoft SQL Server allows for stored procedures to be written using Transact-SQL; Oracle calls its dialect PL/SQL, DB2 uses SQL/PL, PostgreSQL provides PL/pgSQL and also allows users to define their own function languages such as pl/perl or pl/php, and MySQL supports their own stored procedures that try to adhere closely to the SQL:2003 standard
[edit] Other uses
In some systems, stored procedures can be used to control transaction management; in others, stored procedures run inside a transaction such that transactions are effectively transparent to them. Stored procedures can also be invoked from a database trigger or a condition handler. For example, a stored procedure may be triggered by an insert on a specific table, or update of a specific field in a table, and the code inside the stored procedure would be executed. Writing stored procedures as condition handlers also allow DBAs to track errors in the system with greater detail by using stored procedures to catch the errors and record some audit information in the database or an external resource like a file.
[edit] Comparison with Dynamic SQL
Because stored procedure statements are stored directly in the database, this can remove the compilation overhead that is typically required in situations where software applications send inline (dynamic) SQL queries to a database. However, most database systems implement statement caches to avoid repetitive compilation of dynamic SQL statements. In addition, pre-compiled SQL statements, while avoiding some overhead, add to the complexity of creating an optimal execution plan because not all arguments of the SQL statement are supplied at compile time. Depending on the specific database implementation and configuration, mixed performance results will be seen from stored procedures versus generic queries or user defined functions.
A major advantage with stored procedures is that they can run directly within the database engine. In a production system, this typically means that the procedures run entirely on a specialized database server, which has direct access to the data being accessed. The benefit here is that network communication costs can be avoided completely. This becomes particularly important for complex series of SQL statements.
Stored procedures allow for business logic to be embedded as an API in the database, which can simplify data management and reduce the need to encode the logic elsewhere in client programs. This may result in a lesser likelihood of data becoming corrupted through the use of faulty client programs. Thus, the database system can ensure data integrity and consistency with the help of stored procedures.
[edit] Difference between Stored Procedures and Functions
a. Only function can Return a value (to be precise using the Return keyword)
b. Procedures can use ‘Return’ keyword but without any value being passed
c. Functions could be used in select statements, provided they don’t do any data manipulation inside and also should not have any OUT, IN OUT parameters.
[edit] Disadvantages
Stored procedures are often said to be more secure than dynamic SQL, since users may have no direct table access. In real world, the database is most often used not by users, but by programmers. If they are restricted to a fixed set of procedures and not allowed to run proper queries, the system will perform poorly. In order to fix this, the developers need to have access to actually modify the procedures, which is far more administrative privilege than allowing simple select/insert/update/delete statements. Spurious changes to stored procedures may lead to destabilizing remote parts of code. Splitting project team into database and application developers creates extra bureaucracy barrier, which in non security-critical systems is mostly parasitic.
Impossibility of using "where something in (value1, value2, ...)" may lead some developers to write code that passes SQL as a string to a stored procedure, leading to far more dangerous SQL injection attacks than are feasible with sanitized parameterised queries.
Further more, some modern DBMS systems (notably MS SQL Server 2000>) don't offer any performance benefits of using stored procedures - they are compiled and cached in the same manner as dynamic SQL is. Indeed, it has been observed that using simple CRUD procedures creates only an extra efficiency overhead.
[edit] References
This article does not cite any references or sources. Please help improve this article by adding citations to reliable sources (ideally, using inline citations). Unsourced material may be challenged and removed. (October 2007) |
[edit] External links
- Multiple Queries in a Stored Procedure
- A guide to Stored Procedures using MySQL
- An overview of PostgreSQL Procedural Language support
- Using a stored procedure in Sybase ASE
- An overview of Stored Procedures using MS SQL
- Guide for developing Stored Procedures in DB2
- PL/SQL Procedures
|