Do I need Stored Procedures? Maybe or Maybe not.

I have written a couple of posts about 7-8 months back (here and here) on how to call stored procedures from a rails application. After using stored procedures in my app for a while I started to think about whether we really need them. So over a couple of months I discussed it (mainly short discussions about stored procedures not whether to use them or not) with my colleagues, friends, other people  and gave some thought to it. If you are new to stored procedures then here is a sort of textbookish definition.

Stored procedures are available to applications accessing an RDBMS, they are similar to constructs seen in other programming languages and stored in database data dictionary. Stored procedures remove the compilation overhead required for inline queries as they can be pre-compiled, hence they run faster in some cases. However, now most RDBMS, as they evolved, implement statement caches to avoid repetitive compilation of SQL statements.

Why people think we need them?

People, especially with database background or DBAs, are of the view that we should use stored procedures for most of the tasks involving database because they offer following advantages:

  1. Stored procedures separate server side function from the client side, i.e, put all your business logic in stored procedures.
  2. Stored procedures are modular and offer advantages compared to embedded queries buried within the GUI code.
  3. They are faster, secure and maintainable
  4. Reduced network usage between clients and servers

Why people or I think we don’t need them?

  1. If the application in question even has a remote chance of running on more than one RDBMS then I would just kick stored procedures out of the door because the exact implementation of stored procedure varies from one database system to another and I certainly won’t like to tie my app to a particular database.
  2. Having business logic in stored procedures is not only breaking every rule of good programming but also not following the tried and trusted way of architecting n-Tier applications, i.e. separating presentation, business logic and storage/data access. Do not mix storage/data access with logic because stored procedures are just an extension of data access tier. As they say, use database as a very efficient file cabinet. The only concern of a database should be to store data or persistent objects and the business logic should reside in the application code. Database in itself is not an application you are developing, it’s part of the layer/tier that stores data. We use SQL in RDBMS and SQL is simply a data manipulation language hence very limited in its scope. A programmer can do everything in the application code that can be done in a stored procedure but the opposite of this is definitely not possible. Hence, databases are not programmable enough to include all the business logic. If you somehow manage doing that using temp tables, inserting redundant rows into the tables, by spending ‘n’ number of extra hours or other hacks then you are gonna face performance/scalability issues and surely maintenance problems later in the development life cycle, i.e. a nightmarish, incomprehensible & complex POS (piece of shit). These issues will come back persistently to haunt you and your team. Hence, the advantage 1 and part of advantage 3 mentioned above is not valid anymore.
  3. Storing business logic in the stored procedures also leads to more work for testing compared to having them in (Object Relational Mapping) OR / domain model class and stored procedures/triggers make test driven development less productive. Also, if I am using ORM then I do not need to use any SQL in my application code because the ORM will generate optimised queries for me on the fly and will also bring simplification and consistency in the coding of whole team. Hence, advantage 2 and part of advantage 3 mentioned above is not valid any more.
  4. Stored procedures can very easily get out of synch with the application code. For instance, if I have different versions of my app in the source code repository and in case something goes wrong with my latest version then I can very easily switch back to an older version by simply checking out / exporting stuff from the repository. But these facilities do not exist for stored procedures / triggers. It’s troublesome to have business logic residing in stored procedures because they are in the database and once you alter an existing procedure the old one is gone, hence no going back. Now some of you may argue to keep each stored procedure/trigger in some text file and commit it to the repository with the app but that’s again creating additional work for your team which means you are also adding chances of error/mistakes. However, if you do this then you still have to run your stored procedures/triggers with every update that’s again prone to mistake/errors.
  5. When something goes wrong then stored procedures don’t provide meaningful feedback unless you code all the exception handling within the procedure itself.
  6. You can’t pass objects to stored procedures. If you are using an ORM, and you have a class that is mapping to a table then you can simply pass the object of that class and you are good but with stored procedures you have to pass each field or object attribute as parameters and you may end up passing lots of them, may be 20, 30,40 or even more. Hence, you end up writing more code which essentially is more error prone and if you get a ‘bad call’ error then go figure what just happened. That’s just creating one object what if you need to add a record to 4 tables simultaneously using transaction and let’s say each of them have 10 fields then you need to pass 40 parameters. Change is the only constant in life, especially in the business environment.  Lets say, due to some business requirement your database schema changes and you have to add/remove columns to/from those tables. If you are using stored procedures then you atleast need to take these steps to make sure that your application is still working fine:
    • Add new data vaildation rules for CRUD operation.
    • Change the way data presented to users and your form fields where you allow users to create/update records.
    • Add or remove new parameters to the stored procedure calls from your front end
    • Add or remove new parameters to your stored procedure definition
    • Add or remove new parameters to all other stored procedures or triggers from where you are calling your affected stored procedure(s).

    If you are using ORM instead of stored procedures then you need to take these steps to make sure that your application is OK:

    • Add new data vaildation rules for CRUD operation.
    • Change the way data presented to users and your form fields where you allow users to create/update records.

    That’s it and you will also have your whole app properly version controlled so that you can switch back and forth seamlessly. So why do you want to do something that involves more work leading to delays, increased complexity, less productivity and has more chances of error? Hence, stored procedures/triggers are actually a constraint in your system and according to Theory of Constraints; generally, in any system or process there is one constraint at a time. To improve overall system or process performance first find the constraint then improve it or eliminate the constraint entirely. Do I need to say more?

If you think you can use stored procedures to hide business logic,  then you are definitely using stored procedure what it is not good or designed for. I neither like putting SQL queries in my code nor have any problem using stored procedures only if they can offer me/my team/employer some measurable benefits but in my opinion an OR model is much better in terms of developer time, code, productivity and maintenance. Using stored procedures indicates adding another layer, another language, complexity and losing database portability. If I have an application running on ‘n’ number of different clients then it will be much easier for me to keep my application code synchronized and maintainable rather than the stored procedures and triggers. Triggers pose another problem area because application does not know whether they exist hence do not even have a clue whether they have run or not. What if you have some logic in one of your trigger and that itself may be calling another stored procedure(s) (again some logic on important data) and due to one or the other problem trigger didn’t fire, you are screwed because neither you nor your application will know whether the trigger was fired or not unless your application users see some discrepancy in their data or reports, report them back to you and then you run multiple sql queries and check everything manually. How kewl is that? Not for me atleast.

Having said all that, I don’t mean the stored procedures were never useful or the advantages of stored procedures cited by DBAs were never true, yes they were true until 6/7 years ago. But with time, new technologies come into existence, some lose their advantages and some become obsolete. There is no point in sticking to something for which you have other better options available.