mike99c
asked on
Should Laravel call stored procedures?
I am new to Laravel and I'm using a backend Laravel developer. He tells me that when using Laravel he never uses stored procedures when connecting to a database. He says that Laravel protects against SQL injection so no need to use them and that most developers don't use stored procedures.
Can I have some advice as to whether it is recommended to use stored procedures? I know that this means creating procedures that need to build queries rather than just pass in data values as parameters.
I understand the main advantages to using stored procedures are:
- Security - they protect against SQL injection
- Performance - no need to send SQL queries down the data bus
- Encapsulation - from an object-oriented point of view, the database controls the methods for querying the tables.
Hi,
This is a good question...
I use it only for some specific cases.
One example case is that, instead of running a cron job or MS Scheduler, it is possible to use a stored procedure that will automatically be triggered at a specific time, so it may be useful in a case like this.
I would not use it for regular cases, as I prefer to manage my code in files and I use PDO.
I test my code and server security using a tool like Netsparker.
I guess it's a matter of preferences and setup, application size and type, resources and traffic...
As far as protecting against SQL injection goes, using the query builder or Eloquent is using PDO. Security from that standpoint will be similar.
I would believe that performance is going to be hard to measure and, not being a DBA, I personally couldn't tell the difference.
How you insert a record using an SP vs. building a query is going to be similar. I think the advantage for the developer of not using an SP is the ease of use as far as debugging or having to make changes, and not relying on somebody else to update the DB.
Executing an SP in code looks similar to just building the insert or select with the query builder (https://laracasts.com/discuss/channels/general-discussion/running-stored-procedures) or Eloquent.
Because everything else is similar, having all the code in one spot will, I feel, be easier. Especially if you use a developer for a short period of time and then another jumps in, it would be easier for the new developer to understand what is going on by having the queries in the query builder or Eloquent.
I too would be interested in other viewpoints.