Re: Writing most code in Stored Procedures

From: Steve Manes <smanes(at)magpie(dot)com>
To: PgSQL General ML <pgsql-general(at)postgresql(dot)org>
Subject: Re: Writing most code in Stored Procedures
Date: 2007-08-16 00:53:44
Message-ID: 46C3A018.3010400@magpie.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 8/15/07, Rohit <rpk(dot)general(at)gmail(dot)com> wrote:
> I have few queries regarding the use of Stored Procedures, Functions
> and Triggers in an RDBMS.
>
> (1) When to use Stored Procedure? Writing an INSERT query in a Stored
> Procedure is better or firing it from the application level?
>
> (2) Can a Trigger call a Stored Procedure?
>
> (3) What type of code must reside in application and what type in
> RDBMS?
>
> (4) Is it faster to work at application level or at the database level?

I'm fairly hardcore about keeping as much business logic as I can in the
database. In fact, I only do SELECTs from the application, and usually
via Views. All inserts, updates and deletes are via procs. I'm a
proponent of separating application code from presentation and
application code from database code. And HTML from layout style, for
that matter.

In addition to the other reasons you've gotten:

It lets me blackbox commonly used functions, such as a function to
insert a normalized demographic record for a customer, an organization,
a user, a guarantor, a physician, etc.

It isolates database logic so it can be debugged separately from the
application.

It reduces the application's vulnerability to SQL injection, especially
if another developer (never me <g>) forgets to massage potentially
tainted user input.

Another is because I typically do my web application programming in PHP5
but the offline scripts in Perl. Both can call the same stored
procedures so I don't have multiple copies of database code to maintain
and debug.

Another is because I want transactions to start and end in the database,
not in external application code which might crash before a COMMIT.

Another is because I'm a freelancer and generally hand off my
applications to the client's tech department, which is often a junior
level grasshopper who knows just enough SQL to be dangerous. Using
stored procedures raises the bar on what they need to know about RDMBSes
before they start hacking working code.

And, yes, it's faster. Particularly if business logic decisions have to
be made in context with a transaction.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Phoenix Kiula 2007-08-16 01:15:44 Re: pg_dump on local Windows, pg_restore on Linux?
Previous Message Javier Fonseca V. 2007-08-16 00:05:51 Re: Trigger Procedure Error: NEW used in query that is not in a rule