# Table of Contents
 <p><div class="lev1 toc-item"><a href="#Stored-Procedures-and-Functions" data-toc-modified-id="Stored-Procedures-and-Functions-1"><span class="toc-item-num">1&nbsp;&nbsp;</span>Stored Procedures and Functions</a></div><div class="lev2 toc-item"><a href="#Techopedia-explains-Stored-Procedure" data-toc-modified-id="Techopedia-explains-Stored-Procedure-11"><span class="toc-item-num">1.1&nbsp;&nbsp;</span>Techopedia explains Stored Procedure</a></div><div class="lev2 toc-item"><a href="#Comparison-of-Stored-Procedures-versus-Dynamic-SQL" data-toc-modified-id="Comparison-of-Stored-Procedures-versus-Dynamic-SQL-12"><span class="toc-item-num">1.2&nbsp;&nbsp;</span>Comparison of Stored Procedures versus Dynamic SQL</a></div><div class="lev4 toc-item"><a href="#(from-Wikipedia)" data-toc-modified-id="(from-Wikipedia)-1201"><span class="toc-item-num">1.2.0.1&nbsp;&nbsp;</span>(from Wikipedia)</a></div><div class="lev3 toc-item"><a href="#Overhead" data-toc-modified-id="Overhead-121"><span class="toc-item-num">1.2.1&nbsp;&nbsp;</span>Overhead</a></div><div class="lev3 toc-item"><a href="#Avoiding-network-traffic" data-toc-modified-id="Avoiding-network-traffic-122"><span class="toc-item-num">1.2.2&nbsp;&nbsp;</span>Avoiding network traffic</a></div><div class="lev3 toc-item"><a href="#Encapsulating-business-logic" data-toc-modified-id="Encapsulating-business-logic-123"><span class="toc-item-num">1.2.3&nbsp;&nbsp;</span>Encapsulating business logic</a></div><div class="lev3 toc-item"><a href="#Delegating-access-rights" data-toc-modified-id="Delegating-access-rights-124"><span class="toc-item-num">1.2.4&nbsp;&nbsp;</span>Delegating access-rights</a></div><div class="lev3 toc-item"><a href="#Some-protection-from-SQL-injection-attacks" data-toc-modified-id="Some-protection-from-SQL-injection-attacks-125"><span class="toc-item-num">1.2.5&nbsp;&nbsp;</span>Some protection from SQL injection attacks</a></div><div class="lev2 toc-item"><a href="#Disadvantages" data-toc-modified-id="Disadvantages-13"><span class="toc-item-num">1.3&nbsp;&nbsp;</span>Disadvantages</a></div><div class="lev4 toc-item"><a href="#(from-Wikipedia)" data-toc-modified-id="(from-Wikipedia)-1301"><span class="toc-item-num">1.3.0.1&nbsp;&nbsp;</span>(from Wikipedia)</a></div>

# Stored Procedures and Functions

The primary database interaction modality is the _declarative_ SQL statement.
However, there exist use-cases that benefit from procedural processing within a database.
Therefore, most major relational database systems (e.g., SQL Server, Oracle, MySQL, PostgreSQL and others) provide support for stored procedures.


A stored procedure is a subroutine available to users and applications connected to relational database management system (RDMS). 
Stored procedures  procedures are stored in the database data dictionary.
They must be called or invoked, as they are sets of SQL and programming commands that perform very specific functions. 


Often, the alternative to stored procedures is the generation of _dynamic SQL_ within procedural languages, which then interact with the database via connections.



## Techopedia explains Stored Procedure

Stored procedures are used when an application needs to perform a complex task using relational database information. 
An example might be a loan loan application to determine a customer’s repayment ability and creditworthiness. 
To check the customer’s repayment ability, the loan officer compares the customer’s average monthly income to his monthly account withdrawal sum over a 24-month period. 
To verify creditworthiness, the loan officer submits the customer’s ID or social security number to a credit reporting website.

Both actions above are complex and difficult to achieve using basic SQL commands. 
In addition, the customer loan approval process may be performed at varying times for different customers (i.e., the same action is repeated several times), but different customer information is associated with each action.

The above situation is an ideal example of when stored procedures should be used--i.e., when performing a complex action using a combination of SQL, Procedural Language/Structured Query Language (PL/SQL) or external programming language, e.g., _Python_, PHP, C/C++. 
Second, the same action is performed repeatedly, and the only changes are the parameters or data to be processed.

Stored procedures usually provide a performance benefit over writing application code, for the following two reasons:
  1. They do not incur extra inter-program communication between the database and external application.
  1. Do not need to be compiled and executed for each instance, as storedprocs are compiled only once.



## Comparison of Stored Procedures versus Dynamic SQL 
#### (from Wikipedia)

### Overhead
Because stored procedure statements are stored directly in the database, they may remove all or part of the compiling overhead that is typically needed in situations where software applications send inline (dynamic) SQL queries to a database. 
However, most database systems implement statement caches and other methods to avoid repetitively compiling dynamic SQL statements. 
Also, while they avoid some pre-compiled SQL, statements add to the complexity of creating an optimal execution plan because not all arguments of the SQL statement are supplied at compile time. 
Depending on the specific database implementation and configuration, mixed performance results will be seen from stored procedures versus generic queries or user defined functions.

### Avoiding network traffic
A major advantage of stored procedures is that they can run directly within the database engine. 
In a production system, this typically means that the procedures run entirely on a specialized database server, which has direct access to the data being accessed. 
The benefit here is that network communication costs can be avoided completely. 
This becomes more important for complex series of SQL statements.

### Encapsulating business logic
Stored procedures allow programmers to embed business logic as an API in the database, which can simplify data management and reduce the need to encode the logic elsewhere in client programs. 
This can result in a lesser likelihood of data corruption by faulty client programs. 
The database system can ensure data integrity and consistency with the help of stored procedures.

### Delegating access-rights
In many systems, stored procedures can be granted access rights to the database that users who execute those procedures do not directly have.

### Some protection from SQL injection attacks
Stored procedures can be used to protect against injection attacks. 
Stored procedure parameters will be treated as data even if an attacker inserts SQL commands. 
Also, some DBMS will check the parameter's type. 
However, a stored procedure that in turn generates dynamic SQL using the input is still vulnerable to SQL injections unless proper precautions are taken. 

## Disadvantages
#### (from Wikipedia)

 * Stored procedure languages are often vendor-specific. Changing database vendors usually requires rewriting existing stored procedures.
 * Stored procedure languages from different vendors have different levels of sophistication.
     * For example, Postgres' pgpsql has more language features (especially via extensions) than Microsoft's T-SQL.[citation needed]
 * Tool support for writing and debugging stored procedures is often not as good as for other programming languages, but this differs between vendors and languages.
     * For example, both PL/SQL and T-SQL have dedicated IDEs and debuggers. PL/PgSQL can be debugged from various IDEs.
 * Changes to stored procedures are harder to keep track of within a version control system than other code. Changes must be reproduced as scripts to be stored in the project history to be included, and differences in procedures can be harder to merge and track correctly.

