When using stored procedures, instead of
passing the SQL code you want executed, you just call the stored procedure and pass the values for
any parameters it might have. Using stored procedures for data operations has the following
advantages:
CHAPTER 4 - CREATING THE PRODUCT CATALOG: PART 1 82
• Performance can be better, because MySQL generates an execution plan for the queries
in the stored procedure when it's first executed, and then reuses the same plan on subsequent
executions of the procedure.
• Using stored procedures allows for better maintainability of the data access and manipulation
code, which is stored in a central place, and permits easier implementation of
the three-tier architecture (the database stored procedures forming the data tier).
• Security can be better controlled, because MySQL permits setting different security
permissions for each stored procedure.
• SQL queries created ad hoc in PHP code are more vulnerable to SQL injection attacks,
which is a major security threat (many Internet resources cover this security subject,
and you can find the most popular of them by Googling for "SQL injection attack").
• This might be a matter of taste, but separating the SQL logic from the PHP code keeps
the PHP code cleaner and easier to manage; it simply looks better to execute a stored
procedure than to build SQL queries by joining strings in PHP.
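The per-procedure permissions and the injection point from the list above, as an added MySQL example that is not code from the book. The database, table, procedure and account names (shop_demo, department, catalog_get_department, shop_app) are hypothetical, and the script assumes it is run from the mysql command-line client by an administrative account.

```sql
-- Constructed schema; every name below is hypothetical.
CREATE DATABASE IF NOT EXISTS shop_demo;
USE shop_demo;

CREATE TABLE IF NOT EXISTS department (
  department_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name          VARCHAR(100) NOT NULL,
  description   VARCHAR(1000)
);

DELIMITER $$
-- The parameter is typed and used only as a value: it is never concatenated
-- into SQL text, so it cannot change the structure of the query.
CREATE PROCEDURE catalog_get_department(IN in_department_id INT)
  SQL SECURITY DEFINER   -- runs with the definer's rights, not the caller's
BEGIN
  SELECT name, description
  FROM   department
  WHERE  department_id = in_department_id;
END$$
DELIMITER ;

-- Account for the PHP application: no privileges on the table itself,
-- only the right to execute this one procedure.
CREATE USER 'shop_app'@'localhost' IDENTIFIED BY 'replace-with-a-real-secret';
GRANT EXECUTE ON PROCEDURE shop_demo.catalog_get_department
  TO 'shop_app'@'localhost';

-- The statements below are meant for a session connected as shop_app.
CALL catalog_get_department(1);   -- allowed: access goes through the procedure
SELECT * FROM department;         -- rejected: SELECT command denied to shop_app

-- Passing the value as a bound parameter instead of as part of the statement text.
PREPARE get_dept FROM 'CALL catalog_get_department(?)';
SET @id = 1;
EXECUTE get_dept USING @id;
DEALLOCATE PREPARE get_dept;
```

The protection holds only while the value stays a parameter: a procedure that builds a query string from its arguments with CONCAT and runs it with PREPARE, or PHP code that interpolates user input into the CALL text, is still open to SQL injection.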