Saturday, September 16, 2006

Stored Procedure, use or not?

Today I found a discussion about using Stored Procedure for all database call in a software application in here.
The debate have been continued for about 2 years. This is one of the typical software design question that have no absolute yes or no answer. When dealing with this kind of question, developers usually analyze the question in terms of pros and cons, but if we go back and consider the non-function requirement first. It will be easier for us to figure out which solution is better in all situations.
First we consolidate all non-function requirement here, definitely most of them can be achieve with or without using stored procedure, but usually for certain requirement, one solution is better than another. So after we build the full list, we'll have a rule set that can help us to determine we should or should not use stored procedure in our own scenario.
  1. Performance
    Usually this is the strongest reason for using stored procedure. Without doubt SP can make database operation faster. However it is also a typical remedy to poorly written queries and poorly designed schema. If you believe in the good old 80-20 rule, doing all DB operation in SP is a waste of development effort. With modern profiling tools it is easy to separate slow queries from others. So you just need to tune those queries that really matters. Or wrap them up in SP. On this point, I think a mixed approach is more suitable.
  2. Database Portability
    Stored procedures are never portable, but such portability is not always required. Many enterprise use one single RDBMS product and never change. Usually, under two scenario this requirement is necessary:

    1. You application is a product and your end-users can use it on top of different DB
    2. plan to use a different DB with your application in the future.
  3. Security
    This is usually necessary if you have more than one applications accessing the same DB, so you may just grant certain application to access SP that it really needs, and hiding the entire schema. However, that means you are using the DB as a point of application integration. It may be the only way before we have other application integration technology like MQ or web service. If you have only one application accessing one DB, and doing the integration outside DB. Why you need SP for security?
  4. Service Interface
    SP can be treat as interface of service for your application, but now web service is a better way to do so.
  5. Unit Testing
    No matter you use SP, or data access layer with plain SQL, you have lots of ways to do unit test. So no difference.
  6. SP as business logic layer
    PL/SQL and T/SQL is not a good language to implement complicated business, better do it in business service layer.
  7. SP as a layer to maintain data integrity
    SP may be a more nature place for maintaining data integrity. Though there is no big different if you do it in the data access layer.
  8. Stop the ripple effect of DB change
    Both SP and data access layer can do the same job.
Finally I want to point out another down side for accessing to DB with SP only. Such practice will easily direct developers to produce a too database centric design. And put too much loading to the DB server. As a matter of fact DB usually is a component that is most difficult to scale up. In contrast, the mid-tier can be scale up easily with modern load balance technology. No matter we use SP or not, we can do some trick like cache to reduce the number of DB access. That can also enhance the performance.