Dynamic SQL vs Stored Procedures

I bet all application development team had a debate on whether to use Stored Procedures or Dynamic SQL statements during their development. I read Bil Simser's blog on this and also Rob's blog and Frans Bouma's blog. What a lengthy feedback/comments and it defintely took a while for me to read everything but it is worth reading.

As it was mentioned, it all depends on your application design/architecture. In our current application we are using LLBLGen for generating our data access tier. As LLBLGen only generates dynamic sql statements, we do not have option to use SPs. But we don't have to worry about SQL injection atacks as "All SQL generated by LLBLGen Pro is parameterized".

If you are wondering about what is Oracle's stand on this dynamic SQL, here is what Tom's take.

 

 

1 Comment

  • You can use stored procedures with LLBLGen Pro, you can define calls to procedures, which allows you to call procedures in 1 line of code, like:



    DataTable results = RetrievalProcedures.GetOrders("CHOPS");

Comments have been disabled for this content.