Currently, I only use stored procedures. Is this considered good practice or bad? I find it helpful to separate my SQL code from my PHP code, and I also remember hearing in a PHP course I took a few semesters back that stored procedures are more secure.
In the past, stored procedures and prepared statements were always faster than dynamic SQL strings sent to a database. These days, although that might still be the case sometimes, the differences are minor, if not negligible, so the major benefits of a stored procedure are safety from SQL injection attacks, and also as a layer of abstraction between the application code and the database (allowing you to use the same queries easily across different DB APIs or even different languages). So in general I’d still prefer stored procedures where possible.