Those of us who have worked at utilities work with data that more than a 100 years old.  Many addresses and place names could be 100s of years old, too.  So I'm guess that people work with data much older than they think.  That's why I'm not a fan of tailoring data structures to optimize them for just one application or use.

I believe that "data architects" should be responsible for more than just database issues.  I see the profession of data architecture encompassing, modeling, data quality, reliability, scalability...all the -abilities. I do agree that model <> architecture.

One other reason to use SPs is to keep processing close to the data.  In most cases, this is a significant performance trade-off.

Great post.

T_SQL won't do you much good if you change your database.

Interesting Finds: May 10, 2009

Thank you for submitting this cool story - Trackback from DotNetShoutout

Eric, how many times have you switched database platforms?  In my experience this is much less common than the alarmists like Celko want us to believe.

Anyway, whether you use stored procedures or embed your T-SQL code in the application code or middle tier, do you think one requires less work than the other, if you need to port to Oracle or DB2?  The truth is that no matter what platform you choose, you need to decide how you want to trade off ease of portability for the benefits of using the "local" dialect.  I just don't see "use stored procedures" or "don't use stored procedures" as a major bullet item in that decision.

+1. I have one project where every layer was replaced, except the stored procedures on SQL Server 2005 (and I mean: C# classes + web services + Infopath, ADO.NET + ASP.NET, Linq + ASP.NET MVC)

I am against using stored procedures unless (a big unless) your model is very stable, and you have very good people (DBA, Data Architect, ... whatever title you want to call them) that can write them in a maintainable way ...

Why? Because stored procedures in most projects are not easy to change and test, and they are coupled to the structure of your data. Try to modularize a long stored procedure into smaller (and reusable) ones is not a easy one ...

Again, unless you don't plan to change your data schema often, or unless you have people that are really good at maintain (or writing very good stored procedure) ....

Thanks, I think I will pass stored procedure except the very simple ones that I know I can handle ...

Eric,

In fact, using stored procedures usually simplifies porting. I have a lot of experience with porting between SQL Server and Oracle, and eventually came to this conclusion. Not using stored procedures exposes your code to subtle differences between platforms. Examples here:

http://sqlblog.com/blogs/alexander_kuznetsov/archive/2009/02/24/writing-ansi-standard-sql-is-not-practical.aspx

and here:

http://www.devx.com/dbzone/Article/32852

Harry, testing stored procedures is not that hard. Examples:

http://www.simple-talk.com/sql/t-sql-programming/close-those-loopholes---testing-stored-procedures--/

http://www.simple-talk.com/sql/t-sql-programming/close-these-loopholes---testing-database-modifications/

Also Adam Machanic's article is a must read:

http://www.simple-talk.com/sql/t-sql-programming/to-sp-or-not-to-sp-in-sql-server-an-argument-for-stored-procedures/

My take:

http://incrediblejourneysintotheknown.blogspot.com/2009/05/when-to-use-stored-procedures.html

Alexander,

Actually, I understand what you are saying... Again, "IF" we have good people writing good stored procedures and decompose (divide and compose is our best friend) the stored procedures in a way that make them testable, highly-cohesive, loosely-coupled, I will use stored procedure ...

My friend, you and I knows for normal projects, that is a big BIG IF ...

Unfortunately, I can foresee my boss take this article as proof that we (we don't have real DBA, we write lousy stored procedures) should put ALL data logic in stored procedure ...

@AaronBertrand - The main reason people don't switch is because it costs too much - because they used stored procedures and/or embedded db specific code in apps/reports/integration code/etc.  Plus, small dbs are relatively new - before then, it was not possible because there was nothing to move to. Now many companies  have multiple databases. Some of them are not relational.  Even Alexander says he has a lot of experience porting.

I have switched at least twice (where the switch was not planned). I probably am about to do another. I have switched other times but it was planned. This all worked because i used Hibernate/NHiberante.

@Alexander Kuznetsov - it is not as easy as using a good ORM. Change dialect and generate ddl! Anyway, using SPs do not preclude using db specific things elsewhere. And then you have one more place to change things.  I had someone switch to MS Access because it was "free". He used store procs and thus had to recode all of that code. There was no real reason to use them other than "that is what you are supposed to do".

@Paul - I disagree that it is the "data architect" who is in the best position to make the decision. I would agree that a person who has had or has experience as a "data architect" is.  Otherwise you have a single focused person making a decision and that usually ends up screwing up the overall architecture. As soon as you start thinking that the database (NOT the data) is a separate system or as the center of the universe, you've already gone down the wrong road.

Data != Database.

Database != RDMBS

I'm convinced sprocs are the means of getting most from your db engine to deliver the functionallity the sproc is meanth to.

You can use dialect, hints (only if strictly needed) ... code that is directly bound to your db engine.

But it is a battle that is being fought over and again, because of "new features" of any used programming language.

Nowadays the new kid in the block is called LINQ .... and off we go again.

I've seen applications completely rewritten with new interfaces, functionality, etc., and what Paul speaks of here I have found to be true. I know one app that we re-skinned and rebuilt code for. Complete overhaul... except at the database level. The reason is because we had exposed access to the data through well-defined stored procedures that did the job nicely. We ended up implementing a few new stored procedures to expose some of the hierarchical structures in more details, but the fact of the matter is that while the application code got changed, the database effectively did not.

Harry, you're right that if the database layer is poorly written it really doesn't matter, but an analagous argument is all BMWs are bad because I bought a bad one at Jim's Used Auto Sales and it was a lemon!

>>The only real solution is an abstraction layer that fully encapsulates the database. <<

Very good article.  

The application programmers are painfully aware that every few years, they will have a new "Language du Jour" to learn.  I went thru 8 versions of FORTRAN, a little CDC COBOL, B5000 Algol, 17 version of C, 4 versions of Pascal, Progress 4GL, Informix 4GL, SAS, SPSS and then I lost count.  

This is why good application programmers know algorithms and computational models (procedural, block structured, declarative, OO, functional, etc.) so they can adjust to each "Language du Jour" when needed.

I am amazed at how many DATABASE programmers believe that they will never port code.  Anyone looking at the real world will see that data has become global and it is not locked into one version of one release of one SQL product on one server.  This is a no-growth failure for your enterprise.

@K. Brian - I can do  the same with an app. In fact, the database could go from RDBMS to something else. The question is how much code less code would have had to change using a DAO type layer?  

Mark said:

>> The main reason people don't switch is because it costs too much - because they used stored procedures and/or embedded db specific code in apps/reports/integration code/etc.

I don't buy it, this seems like a circular reference to me.  If they wanted portability, why did they use stored procedures?  Is portability a goal, a means, an excuse, something else?

>> Even Alexander says he has a lot of experience porting.

And I would bet that he would agree that the majority of his effort was not due to the fact that he used stored procedures.  Unless he used pure SQL-89 and all of his work in porting was changing the outer procedure syntax (hint: highly unlikely).

Recall that I didn't say, "oh gosh, nobody in the world has ever ported."  What I'm saying is that there just aren't many business cases to switch platforms once you have developed on one.  This is independent of whether or not you use stored procedures, as you will have the same problem (in fact even bigger) if you've copied that ad hoc T-SQL query and embedded it in application source code all over the place in lieu of using a centralized stored procedure.  We can't all control our applications, middle tiers, etc. the way we can control the database.

Anyway you can feel free to avoid stored procedures just in case you ever have to switch from SQL Server to Oracle or DB2 at the drop of a hat.  I think you'll have bigger problems in the meantime, as the cost of porting is about re-writing code that uses proprietary features (or uses similar features like indexes in different ways), not about the stored procedure syntax.  

I think I am a competent developer. I have worked with other competent developers. I seldom see people who can write maintainable stored procedures. What I mean by maintainable stored procedure is that they are cohesive and loosely coupled (unless you think these two principles are not important) and also can easily be changed if you have a new business need to change your database schema. We developed rules like no method should be more than 100 lines, methods should be small, ... etc in programming. However, I seldom find good guidelines for writing 'maintainable' stored procedures. The only books that I know deal with this are Ken Henderson's books.

Comparing to programming languages, we have design patterns, effective programming books, effective languages books ... these knowlege/paradigms evolved from procedural to OO to aspect-oriented to maybe something else I don't know. That makes general programming easy to maintain and easy to write good code, which I think we don't have that kind of mindset in stored procedure ...

But you will argue, stored procedures are not designed for these problems. I agree. So, let's not recommend people put 'complex logic' into stored procedure. We have better tools and training in general programming languages to handle those complex logics ...

There are two types of users, package vendors who sell application packages that may need to store data in a database, and enterprise users whose business is not writing application software, but who write application software in order to support their main business.

For the package vendors, database portability is often essential (unless they also happen to own a DBMS). And they very much like to be able to switch at the drop of a hat, or more accurately at the request of the prospect customer.

For enterprise users, I agree it would e extremely rare to deveop an application with DBMS portability as one of the key requirements. Whether or not procs are used is rarely, if ever, an important factor in any DBMS switch decision. But then, it would not be uncommon to see that being listed as one of the reasons to justify a switch.

Aaron,

>>> Even Alexander says he has a lot of experience porting.

>And I would bet that he would agree that the majority of his effort was not due >to the fact that he used stored procedures.

Yes. I know that the most efficient way to write protable applications is to utilize stored procedures.

Paul,

> The mindsets of the application developer and a database developer are

> diametrically opposed.

Can you please explain why?

>What makes a good application developer is different than what makes a good >database developer.

I do not think so. I think that all the best practices that we have in application programming (aka "What makes a good application developer") should apply in database programming too, "cohesive and loosely coupled" modules, the patterns, unit testing, code reusing and such. What do you think?

@AaronBertrand -

>I don't buy it, this seems like a circular reference to me.

That is exactly my point

>If they wanted portability, why did they use stored procedures?

Exactly. They don't want it. The db vendors don't want it either.

> Is portability a goal,

Yes. If you are software vendor, you client might have database A and not want to introduce database B.

>a means

Yes. I this day and age, flexibility is VERY important. Try negotiating a decrease with your db vendor when they know you can't switch

>And I would bet that he would agree that the majority of his >effort was not due to the fact that he used stored procedures.

That doesn't lessen the fact it that effort will be expended.

>We can't all control our applications, middle tiers, etc. the way >we can control the database.

You can control them pretty well. Who is controlling the dba? Do they have too much control?

> I think you'll have bigger problems in the meantime, as the cost >of porting is about re-writing code that uses proprietary features >(or uses similar features like indexes in different ways), not >about the stored procedure syntax.  

I have written many applications in many languages on many platforms with many databases. Seldom are these features needed. The few that are different the are used - handled by my ORM.

@Harry - I agree with you on maintenance of stored procs. How do i do OO and IoC and AOP? Just looking at a basic stored proc takes time to figure out what it does because there are no separation of concerns. So, if complex logic doesn't belong in the db, then what is the point of SPs? Very little effort, if any, is saved by doing "sp_some_proc..." versus "select x from y ...."

@Paul - it seems you assume that we are "application developers" because we don't like stored procs and because we do app dev. Well, we do both. Honestly, there is no such thing as a database developer - unless you are writing a dbms. People who are "database developers" are app devs who deploy their code to a dbms.

It is from experience that we know it is difficult to maintain SPs.

A good developer IS a good developer. The problem is that most developers are barely "good". Try taking a COBOL [app} programmer and make them a Java [app] programmer.  Seldom are they good. You at best end up with JOBOL. So taking an "app" dev and making them an "db" dev - same issue.

>here’s nothing easier to code against than when a good database .developer writes a good database abstraction

Then you have never used a good api in a good IDE.

>For my application, all the logic is pushed down into the data and >handled by set-based queries.

Which, unless you are a top tier dba (count them on one finger), will be like BMWs - expensive to build and built to stay expensive.

>Does EVERY report, EVERY ETL process, and EVERY application now >AND IN THE FUTURE access the database through the abstraction >layer?

Yes. You don't bypass layers. To me, the application consists of ALL the parts. The database (not the db engine itself) is NOT a separate entity.

>If not then you’re in trouble own the road.

Hmmm. How far? 5 years? nope. 10? 15? 20? 30?

We have people doing it your way. Every change is difficult and time consuming. My way - changes are easy and i can add a new UI easily.

I am speaking from experience, I have built T-SQL and PL/SQL SPs and have had to maintain them.

If you put all your logic in the db .. what happens when you have to call a system function (i have a funny story about that). What happens when you need to do 2 phase commits to queues, content repositories and files systems?  What happens when due to SLAs you have to do write behind logic?

@Alexander - "Yes. I know that the most efficient way to write protable applications is to utilize stored procedures."  It might be best way that you know. But it is NOT the best way.

"I do not think so. I think that all the best practices that we have in application programming (aka "What makes a good application developer") should apply in database programming too, "cohesive and loosely coupled" modules, the patterns, unit testing, code reusing and such. What do you think?"

I think it is VERY difficult if not impossible unless you use C# or Java as the SP language. But even then ... .

A very heavy and intersting discussion.

I've been a professional SQL Server developer for years, and i've seen this discussion rage on and on. What I see is on the one hand "apllication" databases developed from and for an application with little regard for the data model and the data. These can be higly flexible, with ORM layers and such. Performance on complex processing, Data quality and consistency? Just forget it. You're at the mercy of API's, programmers and architects who (sometimes) do not (want to) grasp the subtle parts of transactional consistency. OTOH I see well constructed databases that provide quality data that will last for ages because the models can be properly refactored and extended. Their frontends are usually not very sexy or advanced because that would be a CWOT.

But all is not bad. Well constructed databases can be accesed by model driven database applications (not ORM!!!). This gives you all the flexibility you need without sacrificing your data model (the opposite in fact is true). In this OO fad driver world however this is considerend a niche approach.

Also, a lot of customers do not understand or care enough, and a simple cost effective "run of the mill" application is all they want. All that "theoretical" stuff about data quality & consistency is lost on them.

The natural conflict between developers and "data" people isn't just about mindsets or skills.  I believe it is primarily due to the fact that developers are measured and compensated based on "just get this one application, that does this one thing, done as quickly as possible. Optimize the hell out of it, make it scream, just get 'er done, now!"

Data folks, on the other hand, are measured and compensated based on their ability to preserve data, make it right, keep it healthy and happy, for decades or centuries not matter what someone might want to put in place to collect it, maintain it, and manage it. Anticipate any future need, store it in a way that it can answer any possible or impossible question, and make it scream "I know".

One couldn't design more different objectives to make us swashbuckle in the aisles.  It's as if management is really just hoping to see the Ultimate Smackdown LIVE! in the cubes, every day.

I'm an unabashed proponent of stored procedures for many of the reasons mentioned here.  Security - no direct access to the tables, maintainability/abstraction - if the data model changes I can change the SP's and the application or applications are not directly impacted are just 2 I would mention.  I also commented on this post on my blog:

http://wiseman-wiseguy.blogspot.com/2009/05/explanation-of-why-to-use-stored.html

@Paul_Nielsen "What makes a good application developer is different than what makes a good database developer."

I completely agree on this one.  I usually end up wearing both hats on projects and am always amazed how 'application' developers can't get out of the foreach mindset that works well in C#/Java/etc but brings DBMS performance to it's knees.

A rich, sproc-based, data API is worth a hundred ORM's but everyone seems to bring the data guy in too late and effectively neutered or put a mid-level DB admin into the role of a data architect (there is a difference as much as a mid level application dev != application architect).

PingBack from http://facility9.com/2009/05/15/links-for-the-week-of-20090515/

PingBack from http://www.pythian.com/news/2479/log-buffer-146-a-carnival-of-the-vanities-for-dbas

I'm jumping into the conversation a little late here, but in my experience as an intermediate web developer, the main problem I see is that there tends to be a profusion of stored procedures -- generally at least four per table.  For example, for a 'company' table, you might have companySelectById, companySearchByRadius, companySearchByState, companyInsert, companyUpdate, companyDeleteById.  When the company table changes, so do most stored procedures.  Corresponding changes have to be made in the application logic.

And in the world of the web, schemas seem to change fairly often.  

Any general tips or articles on how to manage this?

-- anon

Throwing stored procedures at the issue of database extensibility is no guarantee that the issue will be solved.  The focus should be around a well designed API.  So I found the title of your post somewhat misleading -- it addressed the need for a good database-level API well.  Stored procedures are really just the implementation mechanism.

I wonder if you could also generate a good database-level API using something like Queues?  Particularly if you are connecting the database to a middleware product.  And queues, like stored procedures, have been around for some time.

Quite an interesting read and discussion. Just to exapnd upon a few of the comments made by Amon...

"For example, for a 'company' table, you might have companySelectById, companySearchByRadius, companySearchByState, companyInsert, companyUpdate, companyDeleteById"

This comment from Amon highlights some of the challenges in stored procedure design. Should you create a different stored procedure to search by each column of the table? Probably not. Perhaps a single unified sp that allows you to search these columns would be better and reduce your workload as future needs change.

"When the company table changes, so do most stored procedures.  Corresponding changes have to be made in the application logic"

Yes this is true. One of the key benefits of using stored procedures will be the ability to refactor your database layer without impacting your application. Perhaps a single database is being used by a number of applications. By having separated your data access layer you can modify the underlying tables and stored procedures and protect yourself from breaking all the applications. Once the change is made in the database you can progressively modify your applications as time allows.

Why do I like sp's? Security and data quality. My big sell for sp's in creating a single point for inserts, updates and deletes and granting zero access to tables. Reducing the footprint of code that can modify your data is essential in maintaining it's quality.

Apologies Anon, I just realised I referred to twice as Amon.

PingBack from http://rtipton.wordpress.com/2009/05/17/weekly-link-post-94/

Seems I touched off a bit of a “swirl” with a comment I made on my last blog post: I think, in general

PingBack from http://buildesignwebsite.com/you%e2%80%99re-not-your-data-access/

PingBack from http://buildesignwebsite.com/you%e2%80%99re-not-your-data-access-2/

I see one Problem with this approach - the amount of skilled db developers.

On the other side even without the help of ORM, the amount of time needed to create or change the data access layer e.g in Java is really small.

So sprocs are just another tool in the pocket.

I like stored procedures... up to a point. You have to be careful when using stored procedures that you don;t put TOO much of you application logic into them.

I have seen far too many projects where business logic is rolled into stored procs, and the SPs are NOT well commented, resulting in an absolute nightmare when it comes to maintainability.

Some thoughts on Stored Procedure

Some thoughts on Stored Procedure

You can read my blog entry on http://programming360.blogspot.com/2009/06/some-thoughts-on-stored-procedure.html

Stored procedures should treated as bussiness layer.

I've seen an Oracle 8.5 with thousands of SP.

It became a dinosaur. No one can maintain it.

"I see one Problem with this approach - the amount of skilled db developers"

I'm not sure about this.  I would expect (indeed hope) that any programmer who is writing against a database should at least have a good background in understanding more or less what's happening under the hood.  If he doesn't, then I wouldn't trust his application code any more than I'd trust his stored procedure writing.

I have used SP's myself, effectively creating an interface to the DB as suggested in this article.  I recently had to make a major change to one of the tables and did so easily without having to recompile and re-deploy an application to every single workstation.  So, despite what people like Jeremy Miller think (cognitive dissonance), I will continue to develop systems in this way, knowing that my interface will more than likely last longer than the applications built upon it.

Dynamic SQL is not as absurd as you say and stored procs are not as bad as I say :).

One thing I agree is that if you decide to work with SPs extensively, then you would better not mix the jars. Also it depends on what you are willing to do. If you want to develop a resale-able product, then stored procs are out of the question, but if you are internal IT for a big non-IT company then you should work with stored procs. In the last case, maintenance costs are not an issue as the employer already pays you so you might as well do something for the money. Also, as in internal it working for some time and planning to work for longer you already know the business rules and stuff (probably you know the database by heart)  so abstraction is not really necessary.

What is important to know though is that using of SPs is not actually software application programming, is just about data, so you'd better take into consideration that the stuff returned by your SPs to the actual software application must be well structured coherent and standardized but most of all abstract.

If you are using stored procs then the core of the maintenance will be in the db, so the software code done by the software developer must be clean, tidy stable and simple, if you deliver bizarre and unstandardized data to the programmer, he will make it work but not in an elegant manner, so if problems come from the application layer, they will be difficult to solve.

Am I right Mr. Nielsen?