I'm a stored proc guy, but a lot of people at my company use inline
sql in their apps, sometimes putting the sql in a text file, sometimes
hardcoding it. They don't see much benefit from procs, and say anyway
they're are db specific- what if we change from SQL Server to Oracle
one day?
What say you experts? Is this one of those "no right answer"
questions?
Thanks,
Burt
I'll tell you what's been working for me for years: dynamically
generating SQL from my object model. Which implies first of all that I
do have an object model. I use two functions (static to boot because I
don't want to create objects more than necessary) :
- Read (which generates SELECT)
- Write (which generates either INSERT, UPDATE or DELETE).
I get 90% of my app working this way; the other 10% is custom sql or
stored procedures that I write after a lot of performance profiling.
If performance is ok, no sprocs - and complete database independence.
Also, I found it pretty hard to inject SQL because all of it is
generated. And I get most of the benefits of stored procedures since
of course I use parameterized prepared statements. I only update
columns that I actually changed in the objects, which increases
concurrency (two users are able to change different columns of the
same row at the same time). I don't need to pass any parameters to
stored procedures. My systems have never been so clean and
uncluttered. Life is good.
I would stay away from the DAAB but the microsoft buffs may disagree
(reasonable people really disagree over this very topic). Also, if you
sold your soul to a database vendor, well, maybe better stick with
it.
Otavio