Once upon a time I was under the influence of vendor marketing and used stored procedures extensively, now I am against them altogether, so that's where I stand.
The vendors have you believe that :
1) They are more secure. Implying that you access your data through them nstead of direct table access.
2) They are faster.
3) You can customize them outside your application compiled logic.
My case against them is this :
1) They are infinitely more complex to write and debug.
2) They are not faster
3) They are not needed with the new programming models.
4) They lock you down to a vendor.
5) Customizable yes but a maintenance nightmare.
1)More complex
I guess no one would argue that they are more complex to write and debug even with our new tools.
The point here is that once you have done this, no one dares to touch them again.
I consulted on a project for a Core Banking vendor which had about 1 million lines in PL/SQL on Oracle, and the system was only 50% done. They couldn't get people to continue the work as it was so convoluted.
2)Not Faster
This is a shocker, they are not faster at least in my tests. I had an old project which was built on SQL Server and I wanted to have it portable to MySql, SQLite and other DB's. The app used 3 stored procs and 4 table functions
which are not available on the other systems.
I decided what the hell, I will take the queries in the procs and write them as strings in my DAL layer.
The shocking thing was that the code in the DAL performed 20% faster than the procs on the same platform.
Better still I was able to optimize the strings queries (which I dared not in SP) and make them another 10% faster and 50% smaller (character count) [4 functions and 1 SP in one dynamic query string].
All the while it worked on all the DB's I wanted.
3)Not Needed in New Models
Once upon a time we did application integration at a data layer, and that's where all the SP's and Function need originated from, to ensure data integrity and access control.
Nowadays, no one in their right mind would expose their database to the world. They build application layers which abstract the data layer and offer that as API's etc.
So most of the benefits of SP security is handled at a higher level than the database anyway.
4)Vendor Lock down
No surprise here, although many people might not mind.
5)Customizable
This I partially agree on, and in certain cases it does help you get a quick fix done on site.
But the problem is if you are writing and selling products as opposed to one-off solutions, this becomes a maintenance nightmare as production changes overwrite the SP and mess up the users expectations.
Your thoughts please.